The best option is to make an exception mapper for 
DefaultOptionsMethodException and add the CORS headers within the toResponse 
method of the mapper. For example: 

public class OptionsMethodExceptionMapper implements 

public Response toResponse(DefaultOptionsMethodException exception) { 

Response.ResponseBuilder builder =Response.ok(); 
// add CORS to headers of the builder 

By doing this all your resources will have OPTIONS response with CORS headers. 


A.P. Rajshekhar 
----- Original Message -----
From: "andrew simpson" <> 
Sent: Tuesday, April 1, 2014 11:28:45 AM 
Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting 

I've hit a well-known problem with cross site scripting; I'd like to develop 
javascript locally, but using REST services hosted remotely

I've tried a number of ways of implementing an OPTIONS method that allows 
clients from other origins to collect, but none of them seem to work. I've 
tried curl to confirm with curl, but don't see the access-control-* headers 
returned; my suspicion is that the @path directives are somehow not matching my 

Does anyone have a pointer to an example which works with a recent version of 
RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1) 


Resteasy-users mailing list

Reply via email to