[CAMEL-9205] REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.15.0
Fix Version/s: 2.15.4, 2.16.1, 2.17.0
Component/s: rest
Labels:
None

Estimated Complexity:
Unknown

Description

I tried enabling CORS for our camel REST endpoint and it does not really work.
The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value of the header is "*, *" which is not accepted as correct by newer browser versions.
Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain access. It seems newer browsers only
accept a single domain name or "*" and not a list of domains.

See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header

So please change the default behavior to send only "*".

I tried setting the header value manually:

But this results in a header value of "*, localhost" which is also not accepted.

A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/> which results in a value of "*" for some reason.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Claus Ibsen

Reporter:: Martin Scheffler

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Oct/15 08:00

Updated:: 10/Oct/15 08:05

Resolved:: 10/Oct/15 08:05

Agile

View on Board

REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment