Try adding: cors.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
On Thu, Jul 6, 2017 at 8:45 AM, <[email protected]> wrote: > Hi, > > I have setup CORS filter in my dropwizard application as below. But I > don't see dropwizard setting the '*Access-Control-Allow-Origin' *header > in the server response. My browser returns a 401 Authorisation error. > My REST endpoint (http://localhost:8199/api/iceberg/reconciliations) is > working fine and returns a valid JSON message when invoked. > > Can you please advise how I can resolve this issue or find out why > dropwizard is not setting the expected headers? > > *My CORS setup in dropwizard is as below* > > @Override > public void run(MyAppConfiguration myAppConfiguration, Environment > environment) throws Exception { > //Force browsers to reload all js and html files for every request as > angular gets screwed up > environment.servlets() > .addFilter("CacheBustingFilter", new CacheBustingFilter()) > .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), > true, "/*"); > > enableCorsHeaders(environment); > > } > > > private void enableCorsHeaders(Environment env) { > final FilterRegistration.Dynamic cors = > env.servlets().addFilter("CORS", CrossOriginFilter.class); > > // Configure CORS parameters > cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*"); > cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, > "X-Requested-With,Content-Type,Accept,Origin"); > cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, > "OPTIONS,GET,PUT,POST,DELETE,HEAD"); > > // Add URL mapping > cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), > true, "/*"); > } > > > > When I call the REST endpoint from my angular application I don't see > dropwizard returning the 'Access-Control-Allow-Origin' header on the > response. I also don't see any preflight requests from the application. > The HTTP request-response is as below when the http://localhost:8199/api/ > iceberg/reconciliations is called from my angular application. > > GET http://localhost:8199/api/iceberg/reconciliations > Accept: application/json, text/plain, */* > Origin: http://localhost:4200 > X-DevTools-Emulate-Network-Conditions-Client-Id: > 90d7ac77-f45f-4d60-a667-a56da9e0582b > X-DevTools-Request-Id: 7836.4077 > User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 > Referer: http://localhost:4200/dashboard > Accept-Encoding <http://localhost:4200/dashboardAccept-Encoding>: gzip, > deflate, br > Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 > *HTTP/1.1 401 Unauthorized* > Date: Thu, 06 Jul 2017 10:59:14 GMT > WWW-Authenticate: BASIC realm="application" > Content-Length: 0 > > > > *CURL - OPTIONS METHOD* > > Moreover I checked using CURL to see how the OPTIONS method response > looks like from the server, I get the same not authorized 401 response. > > $ curl -H "Origin: http://example.com"; > -H "Access-Control-Request-Method: POST" > -H "Access-Control-Request-Headers: X-Requested-With" > -X OPTIONS --verbose http://localhost:8199/api/iceberg/reconciliations > > > *CURL command response does not have the Access control header* > > * STATE: INIT => CONNECT handle 0x6000578f0; line 1410 (connection #-5000) > * Added connection 0. The cache now contains 1 members > * STATE: CONNECT => WAITRESOLVE handle 0x6000578f0; line 1446 (connection > #0) > * Trying ::1... > * TCP_NODELAY set > * STATE: WAITRESOLVE => WAITCONNECT handle 0x6000578f0; line 1527 > (connection #0) > * Connected to localhost (::1) port 8199 (#0) > * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000578f0; line 1579 > (connection #0) > * Marked for [keep alive]: HTTP default > * STATE: SENDPROTOCONNECT => DO handle 0x6000578f0; line 1597 (connection > #0) > > OPTIONS /api/iceberg/reconciliations HTTP/1.1 > > Host: localhost:8199 > > User-Agent: curl/7.54.1 > > Accept: */* > > Origin: http://example.com > > Access-Control-Request-Method: POST > > Access-Control-Request-Headers: X-Requested-With > > > * STATE: DO => DO_DONE handle 0x6000578f0; line 1676 (connection #0) > * STATE: DO_DONE => WAITPERFORM handle 0x6000578f0; line 1801 (connection > #0) > * STATE: WAITPERFORM => PERFORM handle 0x6000578f0; line 1811 (connection > #0) > * HTTP 1.1 or later with persistent connection, pipelining supported > *< HTTP/1.1 401 Unauthorized* > < Date: Thu, 06 Jul 2017 10:53:52 GMT > < WWW-Authenticate: BASIC realm="application" > < Content-Length: 0 > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- William Herbert [email protected] -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
