As it happens, Benson already made sure ACCESS-CONTROL-ALLOW-CREDENTIALS is set if needed, so nothing more to add in this regard on the CXF end. I guess the only issue is that a custom filter that enforces basic authentication should actually sit after the CORS filter; otherwise this BasicAuth/Cookie/ClientCert filter has to add the above header (plus ACCESS-CONTROL-ALLOW-ORIGIN at the bare minimum) itself.

Sergey

On 22/06/12 13:02, semecxf wrote:
Do you know where AuthorizationPolicy gets stuffed into
org.apache.cxf.message.Message so that
org.apache.cxf.jaxrs.ext.RequestHandler has access to AuthorizationPolicy?

--
View this message in context: 
http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112p5710144.html
Sent from the cxf-user mailing list archive at Nabble.com.


--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
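
The "otherwise" case from the reply above, as an added example that is not part of the original thread or of CXF itself: a Basic authentication RequestHandler registered ahead of the CORS filter, which therefore has to put the two CORS headers on its own 401 response. The class name, the origin allow-list and isAuthenticated() are assumptions made for illustration; the CXF 2.x RequestHandler API is assumed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;

// Hypothetical filter, registered as a provider BEFORE the CORS filter,
// i.e. the ordering the reply advises against.
public abstract class CorsAwareBasicAuthFilter implements RequestHandler {
    // Constructed allow-list; replace with the origins allowed to call this endpoint.
    private static final Set<String> ALLOWED_ORIGINS =
        new HashSet<String>(Arrays.asList("https://app.example.com"));

    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        AuthorizationPolicy policy = m.get(AuthorizationPolicy.class);
        if (policy != null && isAuthenticated(policy.getUserName(), policy.getPassword())) {
            return null; // let the request proceed to the next handler
        }
        // A non-null Response blocks the request here, so this 401 must carry
        // the CORS headers itself or the calling script cannot read it.
        Response.ResponseBuilder rb = Response.status(401)
            .header("WWW-Authenticate", "Basic realm=\"example\"");
        String origin = firstHeader(m, "Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // With credentials the origin must be named exactly; "*" is not accepted.
            rb.header("Access-Control-Allow-Origin", origin)
              .header("Access-Control-Allow-Credentials", "true")
              .header("Vary", "Origin");
        }
        return rb.build();
    }

    @SuppressWarnings("unchecked")
    private static String firstHeader(Message m, String name) {
        Map<String, List<String>> headers =
            (Map<String, List<String>>) m.get(Message.PROTOCOL_HEADERS);
        List<String> values = headers == null ? null : headers.get(name);
        return values == null || values.isEmpty() ? null : values.get(0);
    }

    // Hypothetical hook: the subclass checks the credentials against its user store.
    protected abstract boolean isAuthenticated(String user, String password);
}
```

Placing the authentication filter after the CORS filter, as the reply suggests, makes the header handling in this class unnecessary.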
