Hi Thilini, I have tried mapping localhost to a different domain and the issue still remains. Furthermore the options call using curl as following also gives a 403.
curl -X options -H "Origin: test.com" -H "Content-Type: application/json" > -H "Authorization: Basic YWRtaW46YWRtaW4=" -v > https://localhost:9443/api/datasets -k but the following returns the correct headers. curl -X options -H "Content-Type: application/json" -H "Authorization: > Basic YWRtaW46YWRtaW4=" -v https://localhost:9443/api/datasets -k On Wed, Nov 25, 2015 at 9:06 AM, Thilini Cooray <thili...@wso2.com> wrote: > Hi, > > [1] has mentions that Chrome does not support localhost to go through the > Access-Control-Allow-Origin, therefore we need to map localhost to a > different domain. Further details regarding this issue in chrome is > discussed in [2]. > > Can this be any help for you? > > [1] > http://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err > [2] https://code.google.com/p/chromium/issues/detail?id=67743 > > Thanks. > > On Tue, Nov 24, 2015 at 9:59 PM, Fazlan Nazeem <fazl...@wso2.com> wrote: > >> Hi, >> >> I need cross origin support for a REST API. In order to achieve it I am >> trying to set the following headers in the response. >> >>> "Access-Control-Allow-Origin", "*" >>> "Access-Control-Allow-Headers","*" >>> "Access-Control-Allow-Methods","GET, POST, DELETE" >> >> >> >> My current implementation is as follows. >> >> in web.xml >> >>> <filter> >>> <filter-name>CorsFilter</filter-name> >>> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> >>> </filter> >>> >> >> >>> <filter-mapping> >>> <filter-name>CorsFilter</filter-name> >>> <url-pattern>/*</url-pattern> >> >> </filter-mapping> >> >>> >>> >> >> the Rest implementation >> >> @Path("/datasets")public class DatasetApiV10 extends MLRestAPI { >> >> @OPTIONS >> public Response options() { >> return Response.ok().header("Access-Control-Allow-Origin", >> "*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET, >> POST, DELETE").build(); >> } >> >> Cross origin headers are *not set *in the response header when a cross >> origin call is made, but those headers are *set* when I do a local >> OPTIONS call for the API using cURL or a REST client. >> >> Following is the error message I am getting in chrome console. >> >> XMLHttpRequest cannot load https://localhost:9443/api/datasets. Response >> to preflight request doesn't pass access control check: No >> 'Access-Control-Allow-Origin' header is present on the requested resource. >> Origin 'http://localhost:8080' is therefore not allowed access. The >> response had HTTP status code 403 >> >> >> Any suggestion to solve this issue? >> >> >> -- >> Thanks & Regards, >> >> Fazlan Nazeem >> >> *Software Engineer* >> >> *WSO2 Inc* >> Mobile : +94772338839 >> <%2B94%20%280%29%20773%20451194> >> fazl...@wso2.com >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Best Regards, > > *Thilini Cooray* > Software Engineer > Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194> > E-mail : thili...@wso2.com > > WSO2 Inc. www.wso2.com > lean.enterprise.middleware > -- Thanks & Regards, Fazlan Nazeem *Software Engineer* *WSO2 Inc* Mobile : +94772338839 <%2B94%20%280%29%20773%20451194> fazl...@wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
