Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-9205

REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.15.0
    • Fix Version/s: 2.15.4, 2.16.1, 2.17.0
    • Component/s: rest
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      I tried enabling CORS for our camel REST endpoint and it does not really work.
      The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value of the header is "*, *" which is not accepted as correct by newer browser versions.
      Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain access. It seems newer browsers only
      accept a single domain name or "*" and not a list of domains.

      See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header

      So please change the default behavior to send only "*".

      I tried setting the header value manually:

      <restConfiguration component="servlet" bindingMode="json" contextPath="MyService/rest" port="8080" enableCORS="true">
      <corsHeaders key="Access-Control-Allow-Origin" value="localhost"/>
      </restConfiguration>

      But this results in a header value of "*, localhost" which is also not accepted.

      A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/> which results in a value of "*" for some reason.

        Attachments

          Activity

            People

            • Assignee:
              davsclaus Claus Ibsen
              Reporter:
              mscheffler Martin Scheffler
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: