I also tried setting up the headers as below with explicitly mentioning the
domain or passing * in the allow origin header . Both give the same issue
response 401 UnAuthorized.
corsFilter.setInitParameter("Access-Control-Allow-Credentials", "true");
corsFilter.setInitParameter("Access-Control-Allow-Origin", "*");
corsFilter.setInitParameter("Access-Control-Allow-Headers", "Origin,
X-Requested-With, Content-Type, Accept, Access-Control-Request-Headers,
Access-Control-Request-Method, Cache-Control, Pragma, Expires");
corsFilter.setInitParameter("Access-Control-Allow-Methods\" ",
"OPTIONS,GET,PUT,POST,DELETE,HEAD");
Explicitly setting the header
corsFilter.setInitParameter("Access-Control-Allow-Credentials", "true");
corsFilter.setInitParameter("Access-Control-Allow-Origin",
"http://localhost:4200";);
corsFilter.setInitParameter("Access-Control-Allow-Headers", "Origin,
X-Requested-With, Content-Type, Accept, Access-Control-Request-Headers,
Access-Control-Request-Method, Cache-Control, Pragma, Expires");
corsFilter.setInitParameter("Access-Control-Allow-Methods\" ",
"OPTIONS,GET,PUT,POST,DELETE,HEAD");
Thanks
On Thursday, July 6, 2017 at 1:45:17 PM UTC+1, [email protected] wrote:
>
> Hi,
>
> I have setup CORS filter in my dropwizard application as below. But I
> don't see dropwizard setting the '*Access-Control-Allow-Origin' *header
> in the server response. My browser returns a 401 Authorisation error.
> My REST endpoint (http://localhost:8199/api/iceberg/reconciliations) is
> working fine and returns a valid JSON message when invoked.
>
> Can you please advise how I can resolve this issue or find out why
> dropwizard is not setting the expected headers?
>
> *My CORS setup in dropwizard is as below*
>
> @Override
> public void run(MyAppConfiguration myAppConfiguration, Environment
> environment) throws Exception {
> //Force browsers to reload all js and html files for every request as
> angular gets screwed up
> environment.servlets()
> .addFilter("CacheBustingFilter", new CacheBustingFilter())
> .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST),
> true, "/*");
>
> enableCorsHeaders(environment);
>
> }
>
>
> private void enableCorsHeaders(Environment env) {
> final FilterRegistration.Dynamic cors =
> env.servlets().addFilter("CORS", CrossOriginFilter.class);
>
> // Configure CORS parameters
> cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
> cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM,
> "X-Requested-With,Content-Type,Accept,Origin");
> cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM,
> "OPTIONS,GET,PUT,POST,DELETE,HEAD");
>
> // Add URL mapping
> cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class),
> true, "/*");
> }
>
>
>
> When I call the REST endpoint from my angular application I don't see
> dropwizard returning the 'Access-Control-Allow-Origin' header on the
> response. I also don't see any preflight requests from the application.
> The HTTP request-response is as below when the
> http://localhost:8199/api/iceberg/reconciliations is called from my
> angular application.
>
> GET http://localhost:8199/api/iceberg/reconciliations
> Accept: application/json, text/plain, */*
> Origin: http://localhost:4200
> X-DevTools-Emulate-Network-Conditions-Client-Id:
> 90d7ac77-f45f-4d60-a667-a56da9e0582b
> X-DevTools-Request-Id: 7836.4077
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
> Referer: http://localhost:4200/dashboard
> Accept-Encoding <http://localhost:4200/dashboardAccept-Encoding>: gzip,
> deflate, br
> Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
> *HTTP/1.1 401 Unauthorized*
> Date: Thu, 06 Jul 2017 10:59:14 GMT
> WWW-Authenticate: BASIC realm="application"
> Content-Length: 0
>
>
>
> *CURL - OPTIONS METHOD*
>
> Moreover I checked using CURL to see how the OPTIONS method response
> looks like from the server, I get the same not authorized 401 response.
>
> $ curl -H "Origin: http://example.com";
> -H "Access-Control-Request-Method: POST"
> -H "Access-Control-Request-Headers: X-Requested-With"
> -X OPTIONS --verbose http://localhost:8199/api/iceberg/reconciliations
>
>
> *CURL command response does not have the Access control header*
>
> * STATE: INIT => CONNECT handle 0x6000578f0; line 1410 (connection #-5000)
> * Added connection 0. The cache now contains 1 members
> * STATE: CONNECT => WAITRESOLVE handle 0x6000578f0; line 1446 (connection
> #0)
> * Trying ::1...
> * TCP_NODELAY set
> * STATE: WAITRESOLVE => WAITCONNECT handle 0x6000578f0; line 1527
> (connection #0)
> * Connected to localhost (::1) port 8199 (#0)
> * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000578f0; line 1579
> (connection #0)
> * Marked for [keep alive]: HTTP default
> * STATE: SENDPROTOCONNECT => DO handle 0x6000578f0; line 1597 (connection
> #0)
> > OPTIONS /api/iceberg/reconciliations HTTP/1.1
> > Host: localhost:8199
> > User-Agent: curl/7.54.1
> > Accept: */*
> > Origin: http://example.com
> > Access-Control-Request-Method: POST
> > Access-Control-Request-Headers: X-Requested-With
> >
> * STATE: DO => DO_DONE handle 0x6000578f0; line 1676 (connection #0)
> * STATE: DO_DONE => WAITPERFORM handle 0x6000578f0; line 1801 (connection
> #0)
> * STATE: WAITPERFORM => PERFORM handle 0x6000578f0; line 1811 (connection
> #0)
> * HTTP 1.1 or later with persistent connection, pipelining supported
> *< HTTP/1.1 401 Unauthorized*
> < Date: Thu, 06 Jul 2017 10:53:52 GMT
> < WWW-Authenticate: BASIC realm="application"
> < Content-Length: 0
>
>
--
You received this message because you are subscribed to the Google Groups
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
