-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ankit,
On 4/25/14, 12:16 AM, Ankit Singhal wrote: > Hi > > I did more research on this and figure out the issue.If you see > the headers from Android and look into Origin Header. > > Origin: file:// > > Tomcat CORS filter tries to validate the URI in Origin header and > considers "file://" as an invalid URI and returns back 403. > > I have applied <accept-origin>*</accept-origin> params. So > shouldn't CORS filter honor this ? Current trunk looks like it should work: if you given "*" value for cors.allowed.origins, then the isOriginAllowed method should immediately return true, regardless of the value provided for "Origin" (including no value). > I agree that Client also has the problem , but still server > should also allow... Are you willing to hack the code a bit and add some debug output? Perhaps something else is going wrong... - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTWna9AAoJEBzwKT+lPKRYVOMQAIUa4UkfK/z11ZmhOuCdq1NS 7z3s0SukYHeSwHibE7kKUn7GpmSZHA5xpuTbxNmu/7eqJN33g102TOu7vbxTupn9 C5SIlAfR0vfXGkh4zqrsxH0VhUqb/ZhT1TI3hQppn8Ze9HCCStyFle0s9SO30QEY LW2D3HwQlTcIcrQlFnWwWLsHacLPKL6D96td4sZ0LmraKdwJttydWTet7/XC6sdJ 2j/ui7+2ImGy+mxSDMXaUiZ86nd/OoqFTSyN2S1RYKbW3CWsY1DcDHOIJyGdpHJT frLDwJYMxqJPLmLBIhRy+m7K3JKrLod/wY2fiJKRlhWYl0wyTV3JVRd8KqnOhj9N emjdtst5e010mWdSW3gwZ9hvagkUBnQc3IzoTak/nklVy/dJ6QodiiqVVePH/yJf N4ZB+ma/IUgFDhtJaTWbSL2ipjXVcR26mhlHRUQqS/lWTc53jwhp+vYskdaEFO0J o7viW46yZoQL4skQYgM4gSVmepm55ulfsh5cMayXGYFzZMI5g9x5SykFZ5JhgstT 45vAgSHmQI0AWM4pb7Nzfgj6940jGiePF7G3rUkmiuzLkPqpSkUk2nAWnYEjyelI CHfPR44gD+ZJpuDXonKKoGtH65vJJgOZXn5h0su1g999ueviLFRkjmThDvHPKeAu 9SH9aq8nPB1P7QaqAkI0 =z3Cr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org