Author: markt Date: Wed Sep 12 21:02:16 2018 New Revision: 1840759 URL: http://svn.apache.org/viewvc?rev=1840759&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62676 Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests.
Modified: tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/filter.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1840759&r1=1840758&r2=1840759&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Sep 12 21:02:16 2018 @@ -76,6 +76,11 @@ <bug>62712</bug>: Correct NPE in Manager application when attempting to view configured certificates for an APR/native TLS connector. (markt) </fix> + <fix> + <bug>62676</bug>: Expand the CORS filter documentation to make it clear + that explicit configuration is required to enable support for + cross-origin requests. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1840759&r1=1840758&r2=1840759&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Wed Sep 12 21:02:16 2018 @@ -116,6 +116,15 @@ <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>]]></source> + <p>The above configuration enables the filter but does not relax the + cross-origin policy. As a minimum, you will need to add a + <strong>cors.allowed.origins</strong> initialisation parameter as described + below to enable cross-origin requests. Depending on your requirements, you + may need to provide additional configuration.</p> + <p>An instance of this filter can only implement one policy. If you want to + apply different policies (e.g. different allowed origins) to different URLs + or sets of URLs within your web application you will need to configure a + separate instance of this filter for each policy you wish to configure.</p> </subsection> <subsection name="Filter Class Name"> <p>The filter class name for the CORS Filter is --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org