https://issues.apache.org/bugzilla/show_bug.cgi?id=57178
Bug ID: 57178 Summary: Add CorsFilter configuration option to allow requests with Origin "null" Product: Tomcat 8 Version: trunk Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: gzurow...@apache.org CorsFilter does not allow requests with the Origin header set to string "null". It treats such requests as invalid CORS requests. The current implementation seems too restrictive and prevents some common use cases: The Origin header is set to "null" when the browser cannot determine the origin of a request. This is the case when opening local files in the browser. Common uses cases are local development with remote services and testing hybrid mobile applications. To support such use cases, a new configuration option could be introduced where administrators could explicitly allow CORS requests with "null" origins. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org