https://bz.apache.org/bugzilla/show_bug.cgi?id=62455
Bug ID: 62455
Summary: CORS filter cors.allowed.origins does not default to
"*" anymore
Product: Tomcat 8
Version: 8.0.32
Hardware: Other
OS: other
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: dev@tomcat.apache.org
Reporter: crist...@ghezzi.net
Target Milestone: ----
I used to be able to make a cross-origin GET just by using the following
configuration:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/myPath</url-pattern>
</filter-mapping>
Recenlty this stopped working. Now I have to specify an init parameter that the
docs state has that value by default ("Any origin is allowed to access the
resource"):
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
I see that some work has been recently done to increase security
(https://bz.apache.org/bugzilla/show_bug.cgi?id=62343) so maybe the docs
haven't been updated yet? Or maybe this is an unintended side-effect which is
breaking all sites using the old default behaviour.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
