https://bz.apache.org/bugzilla/show_bug.cgi?id=62676
Bug ID: 62676
Summary: Documentation of CORS Filter is now misleading
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
This is partially a re-report of 62455, but with a more current version
reported.
The documentation says that the minimal configuration of the CORS Filter is:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This was true when the default for cors.allowed.origins was * (e.g.
https://web.archive.org/web/20180213064017/https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter),
but in the .53 release, it was changed to empty string per bug 62343.
The documentation should be updated with either a comment that the minimal
configuration doesn't allow any access (so, what's the point?) or with the
equivalent new configuration:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
