Spring Boot swallowing Access-Control-Request-Headers on OPTIONS preflight -

- September 15, 2011

i have spring boot rest application has simple cors filter on it. want dynamically respond values in access-control-request-headers header, rather provide specific list. common wisdom seems explicitly set values returned in "access-control-allow-headers", white-listing set of origins , want allow headers send. cannot find way parrot value of access-control-allow-headers in access-control-request-headers.

here's code

   @override public void dofilter(servletrequest servletrequest, servletresponse servletresponse, filterchain filterchain)     throws ioexception, servletexception {      httpservletresponse response = (httpservletresponse) servletresponse;     response.setheader("access-control-allow-origin", "*");     response.setheader("access-control-allow-methods", "post, put, get, delete, options"); // need enable other methods when/as implemented     response.setheader("access-control-max-age", "3600");     response.setheader("access-control-allow-headers",         ((httpservletrequest) servletrequest).getheader("access-control-request-headers"));     filterchain.dofilter(servletrequest, servletresponse); }

with request & response chrome (when hard-coding value of access-control-allow-headers)

remote address:10.199.240.16:443 request url:https://myapp.com/gradebooks/5566669e-e4b0-d05e-0150-98d7ffffffff/assignments/3ad7f1e7-679b-4d8b-856e-d2e3589eaad6 request method:options status code:200 ok  response headers     view source     access-control-allow-methods → post, put, get, delete, options     access-control-max-age → 3600     content-type → application/hal+json; charset=utf-8     date → tue, 21 jul 2015 20:42:29 gmt     server → jetty(9.2.9.v20150224)     transfer-encoding → chunked     x-application-context → application  request headers     view source     accept:*/*     accept-encoding:gzip, deflate, sdch     accept-language:en-us,en;q=0.8     access-control-request-headers:accept, content-type     access-control-request-method:put     connection:keep-alive     host:gbservices-api.dev-prsn.com     origin:http://localhost:3000     referer:http://localhost:3000/     user-agent:mozilla/5.0 (macintosh; intel mac os x 10_10_1) applewebkit/537.36 (khtml, gecko) chrome/43.0.2357.134 safari/537.36

this error

xmlhttprequest cannot load https://myapp.com/gradebooks/5566669e-e4b0-d05e-0150-98d7ffffffff/assignments/3ad7f1e7-679b-4d8b-856e-d2e3589eaad6. request header field content-type not allowed access-control-allow-headers.

what i've found debugging filter access-control-request-headers, , header, missing time gets filter. misspell header , arrives, seems intercepting header , discarding before gets filter...

Search This Blog

Ruby Co

Spring Boot swallowing Access-Control-Request-Headers on OPTIONS preflight -

Comments

Post a Comment

Popular posts from this blog

python - Healpy: From Data to Healpix map -

c - Bitwise operation with (signed) enum value -

xslt - Unnest parent nodes by child node -