https://bz.apache.org/bugzilla/show_bug.cgi?id=62676
Bug ID: 62676 Summary: Documentation of CORS Filter is now misleading Product: Tomcat 8 Version: 8.5.x-trunk Hardware: PC Status: NEW Severity: minor Priority: P2 Component: Documentation Assignee: dev@tomcat.apache.org Reporter: mano...@gmail.com Target Milestone: ---- This is partially a re-report of 62455, but with a more current version reported. The documentation says that the minimal configuration of the CORS Filter is: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> This was true when the default for cors.allowed.origins was * (e.g. https://web.archive.org/web/20180213064017/https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter), but in the .53 release, it was changed to empty string per bug 62343. The documentation should be updated with either a comment that the minimal configuration doesn't allow any access (so, what's the point?) or with the equivalent new configuration: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org