Hi, On Wed, Feb 24, 2021 at 4:49 PM Bruno Konik <[email protected]> wrote: > > Hello, > > I am using embedded Jetty 9.4.35. > > Having a ServletContextHandler with a CORS filter : > > FilterHolder cors = context.addFilter(CrossOriginFilter.class, > "/*",EnumSet.of(DispatcherType.REQUEST))); > > cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, > authorizedOrigins4AllowOriginHeader); > > cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, > "GET,POST,HEAD,OPTIONS"); > > cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, > "X-Requested-With,Content-Type,Accept,Origin,Cache-Control"); > > cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false"); > > > > I would like to update my list of authorized origins > (authorizedOrigins4AllowOriginHeader) while the server is running without > stopping and restarting anything. What is the best way to do that with > embedded Jetty ?
Why do you want to do that? I ask because it goes against the security features that the CORS filter provides, and also I don't see how you can atomically update the value while other requests are flowing through the filter? Consider also that the "Access-Control-Allow-Origin" is an HTTP response header like others, so applications that have access to the response object may modify it or even remove it. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
