On Tue, Dec 6, 2011 at 04:27, Simone Bordet <[email protected]> wrote: > Hi, > > On Mon, Dec 5, 2011 at 19:17, Krishna Sundaresan <[email protected]> > wrote: >> We have been trying to get PUT requests work correctly with the >> CrossOriginFilter. We have the following definition in web.xml >> >> <filter> >> <filter-name>cross-origin</filter-name> >> <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter >> </filter-class> >> <init-param> >> <param-name>allowedMethods</param-name> >> <param-value>GET,POST,PUT,OPTIONS,HEAD</param-value> >> </init-param> >> </filter> >> >> However, we observe that PUT requests still fail. >> >> The pre-flight response is: >> >> Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD >> >> But when the actual PUT request is made the filter returns a 405. This >> seems be due to the way the method isMethodAllowed in the filter is >> structured. The method checks to see if the header >> Access-Control-Request-Method is present. However, for the actual PUT >> request browsers (at least Firefox in my limited testing) do not send >> this header; it is sent only for the pre-flight OPTIONS request. >> >> This page also seems to suggest that the browsers will not send this >> header for the actual PUT request: >> http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request >> >> Can some one on the list please assist me with this? Is this a bug in >> the filter? > > Yes, looks like a bug. > Can you please file an issue in bugzilla ?
Thanks. https://bugs.eclipse.org/bugs/show_bug.cgi?id=365746 _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
