Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OData plugin and CORS #859

Open
matcho opened this issue Apr 5, 2022 · 2 comments
Open

OData plugin and CORS #859

matcho opened this issue Apr 5, 2022 · 2 comments

Comments

@matcho
Copy link

matcho commented Apr 5, 2022

Hello,

Enabling CORS with http.cors.enable works for all /v1.1 routes, but does not seem to affect /ODATA_4.0/* routes.

Tried to enable CorsFilter in web.xml, even to move this config block to global Tomcat web.xml as suggested in the comments. No success.

Is there some special way to enable CORS for OData routes ?

Thank you
Mathias
@hylkevds
Copy link
Member

hylkevds commented Apr 5, 2022

That's odd, since the filter is added to /*:

FROST-Server/FROST-Server.HTTP.Common/src/main/java/de/fraunhofer/iosb/ilt/frostserver/http/common/AbstractContextListener.java

Line 112 in 616eb28

corsFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), true, "/*");

If you move the filter to Web.xml, make sure you disable the one in FROST.

@hylkevds
Copy link
Member

Also important for CORS: You can't use an allowed origins setting of * when also using authentication. So if you use authentication you must specify each allowed origin explicitly.

And when using authentication from a browser, the javascript must set XMLHttpRequest.withCredentials to true on the request, otherwise the credentials are not sent to the server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@matcho @hylkevds