https://issues.apache.org/bugzilla/show_bug.cgi?id=57178
Bug ID: 57178
Summary: Add CorsFilter configuration option to allow requests
with Origin "null"
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: gzurow...@apache.org
CorsFilter does not allow requests with the Origin header set to string "null".
It treats such requests as invalid CORS requests. The current implementation
seems too restrictive and prevents some common use cases: The Origin header is
set to "null" when the browser cannot determine the origin of a request. This
is the case when opening local files in the browser. Common uses cases are
local development with remote services and testing hybrid mobile applications.
To support such use cases, a new configuration option could be introduced where
administrators could explicitly allow CORS requests with "null" origins.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
