Uploaded image for project: 'Causeway'
  1. Causeway
  2. CAUSEWAY-2454

CORS Filter not in FilterChain?

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0-M4
    • 2.0.0-M5
    • Viewer RO
    • None
    • Windows 10
    • Hide
      When I set a breakpoint at org.apache.shiro.web.servlet.AbstractShiroFilter:365 I see
      chain.filters has 7++ non-null elements:

      # characterEncodingFIlter
      # webMvcMetricsFilter
      # formContentFilter
      # requestContextFilter
      # ShiroFilter
      # IsisLogOnExceptionFilter
      # IsisRestfulObjectInteractionFilter
      # Tomcat WebSocket (JSR356) Filter

      but no CORS filter.

      Is this as expected?
      Show
      When I set a breakpoint at org.apache.shiro.web.servlet.AbstractShiroFilter:365 I see chain.filters has 7++ non-null elements: # characterEncodingFIlter # webMvcMetricsFilter # formContentFilter # requestContextFilter # ShiroFilter # IsisLogOnExceptionFilter # IsisRestfulObjectInteractionFilter # Tomcat WebSocket (JSR356) Filter but no CORS filter. Is this as expected?

    Description

      Given: demo-wicket started from IntelliJ with Spring Boot Configuration, JDK11, Maven Goal 'Demo- Wicket: clean install'

      When:  curl --user sven:pass -v -H "Access-Control-Request-Method: GET" -H "Origin: http://localhost:3000"   -X OPTIONS http://localhost:8080/restful/user

      Actual: 

      *   Trying 127.0.0.1...

      • TCP_NODELAY set
      • Connected to localhost (127.0.0.1) port 8080 (#0)
      • Server auth using Basic with user 'sven'
        > OPTIONS /restful/user HTTP/1.1
        > Host: localhost:8080
        > Authorization: Basic c3ZlbjpwYXNz
        > User-Agent: curl/7.55.1
        > Accept: /
        > Access-Control-Request-Method: GET
        > Origin: http://localhost:3000
        >
        < HTTP/1.1 500
        < Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Sun, 25-Oct-2020 10:13:42 GMT
        < Vary: Origin
        < Vary: Access-Control-Request-Method
        < Vary: Access-Control-Request-Headers
        < Access-Control-Allow-Origin: http://localhost:3000
        < Access-Control-Allow-Methods: GET
        < Access-Control-Allow-Credentials: true
        < Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
        < Content-Length: 0
        < Date: Mon, 26 Oct 2020 10:13:42 GMT
        < Connection: close
        <
      • Closing connection 0

      Expected: 

      HTTP 200, Content-Length > 0

      Attachments

        1. cors.log
          12 kB
          Jörg Rade

        Issue Links

          Activity

            People

              joerg.rade Jörg Rade
              joerg.rade Jörg Rade
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: