Hi, On Mon, Dec 5, 2011 at 19:17, Krishna Sundaresan <[email protected]> wrote: > We have been trying to get PUT requests work correctly with the > CrossOriginFilter. We have the following definition in web.xml > > <filter> > <filter-name>cross-origin</filter-name> > <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter > </filter-class> > <init-param> > <param-name>allowedMethods</param-name> > <param-value>GET,POST,PUT,OPTIONS,HEAD</param-value> > </init-param> > </filter> > > However, we observe that PUT requests still fail. > > The pre-flight response is: > > Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD > > But when the actual PUT request is made the filter returns a 405. This > seems be due to the way the method isMethodAllowed in the filter is > structured. The method checks to see if the header > Access-Control-Request-Method is present. However, for the actual PUT > request browsers (at least Firefox in my limited testing) do not send > this header; it is sent only for the pre-flight OPTIONS request. > > This page also seems to suggest that the browsers will not send this > header for the actual PUT request: > http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request > > Can some one on the list please assist me with this? Is this a bug in > the filter?
Yes, looks like a bug. Can you please file an issue in bugzilla ? Thanks, Simon -- http://cometd.org http://intalio.com http://bordet.blogspot.com ---- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
