Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.9.0-incubating
-
None
Description
I just had a look at the CORS support in Stanbol and I have a question to that.
In the CORS specification [1], I read that in a CORS request with a preflight the client sets the request header:
Access-Control-Request-Headers: .... (let's say: origin, content-type, accept)
Access-Control-Request-Method: .... (let's say: POST)
and the server (in this case Stanbol) answers with:
Access-Control-Allow-Headers: ... (let's say: origin, content-type, accept)
Access-Control-Allow-Origin: ... (let's say: *)
Access-Control-Allow-Method: (let's say: GET, POST, OPTIONS)
However, when I perform a query to the Entityhub, e.g., http://dev.iks-project.eu:8081/entityhub/entity/
Stanbol answers correctly with
Access-Control-Allow-Headers: origin, content-type, accept
Access-Control-Allow-Origin: *
BUT:
Access-Control-Request-Method: GET, POST, OPTIONS
instead of
Access-Control-Allow-Method: GET, POST, OPTIONS
Gladly, for the GET and POST requests that somehow works anyways, but for a PUT and DELETE request
that fails again.