Hi, I need cross origin support for a REST API. In order to achieve it I am trying to set the following headers in the response.
> "Access-Control-Allow-Origin", "*" > "Access-Control-Allow-Headers","*" > "Access-Control-Allow-Methods","GET, POST, DELETE" My current implementation is as follows. in web.xml > <filter> > <filter-name>CorsFilter</filter-name> > <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> > </filter> > > <filter-mapping> > <filter-name>CorsFilter</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > the Rest implementation @Path("/datasets")public class DatasetApiV10 extends MLRestAPI { @OPTIONS public Response options() { return Response.ok().header("Access-Control-Allow-Origin", "*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET, POST, DELETE").build(); } Cross origin headers are *not set *in the response header when a cross origin call is made, but those headers are *set* when I do a local OPTIONS call for the API using cURL or a REST client. Following is the error message I am getting in chrome console. XMLHttpRequest cannot load https://localhost:9443/api/datasets. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 403 Any suggestion to solve this issue? -- Thanks & Regards, Fazlan Nazeem *Software Engineer* *WSO2 Inc* Mobile : +94772338839 <%2B94%20%280%29%20773%20451194> fazl...@wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev