https://bz.apache.org/bugzilla/show_bug.cgi?id=62455
Bug ID: 62455 Summary: CORS filter cors.allowed.origins does not default to "*" anymore Product: Tomcat 8 Version: 8.0.32 Hardware: Other OS: other Status: NEW Severity: normal Priority: P2 Component: Documentation Assignee: dev@tomcat.apache.org Reporter: crist...@ghezzi.net Target Milestone: ---- I used to be able to make a cross-origin GET just by using the following configuration: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/myPath</url-pattern> </filter-mapping> Recenlty this stopped working. Now I have to specify an init parameter that the docs state has that value by default ("Any origin is allowed to access the resource"): <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> I see that some work has been recently done to increase security (https://bz.apache.org/bugzilla/show_bug.cgi?id=62343) so maybe the docs haven't been updated yet? Or maybe this is an unintended side-effect which is breaking all sites using the old default behaviour. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org