2014-04-26 13:16 GMT+02:00 Martin Gainty <mgai...@hotmail.com>: >> Date: Sat, 26 Apr 2014 11:43:05 +0530 >> Subject: Re: CORS issue with Tomcat and Android Webview >> From: ankising...@gmail.com >> To: users@tomcat.apache.org >> >> On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian >> <tere...@tmbsw.com>wrote: >> >> > On 4/24/2014 11:16 PM, Ankit Singhal wrote: >> > >> >> Hi >> >> >> >> I did more research on this and figure out the issue.If you see the >> >> headers >> >> from Android and look into Origin Header. >> >> >> >> Origin: file:// >> >> >> >> Tomcat CORS filter tries to validate the URI in Origin header and >> >> considers >> >> "file://" as an invalid URI and returns back 403. >> >> >> >> I have applied <accept-origin>*</accept-origin> params. So shouldn't CORS >> >> filter honor this ? >> >> >> >> I agree that Client also has the problem , but still server should also >> >> allow... >> >>
Hi: I'm watching this flowchart https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png and I wonder if Tomcat 7 checks if the request received belongs to the right type. I mean, if browser sends a simple request ( eg. POST + application/xml content-type header ) WC3 spec says that request should be a preflight request , does Tomcat check this case ? Regards --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org