Re: Adding regular expression support to CORS filter

2020-10-06 Thread Carsten Klein
Chris, On 9/28/20 02:40, Christopher Schultz wrote: Carsten, On 9/27/20 05:53, Carsten Klein wrote: Any comments on that? Is it worth preparing a PR? Regular expressions are fairly expensive. Yes, but my measurements of the HashSet-lookups were wrong, since hashValue() of a String gets

Re: Adding regular expression support to CORS filter

2020-09-27 Thread Christopher Schultz
Carsten, On 9/27/20 05:53, Carsten Klein wrote: > Any comments on that? Is it worth preparing a PR? Regular expressions are fairly expensive. If there is a way to build the code such that some subset of wildcards can be serviced without regex (and of course exact matches without using regex),

Re: Adding regular expression support to CORS filter

2020-09-27 Thread Carsten Klein
Any comments on that? Is it worth preparing a PR?

Adding regular expression support to CORS filter

2020-09-21 Thread Carsten Klein
Hi there, I'd like to contribute a CORS filter enhancement, making it accept both wildcard-based and 'regular expression'-based expressions for its allowed origins list. I know this from a project based on Jetty, which has support for, at least, simple wildcard matching (*). Specifying

Re: cors filter in WEB-INF/web.xml

2018-07-31 Thread Luis Rodríguez Fernández
Hello Masber, In order to get accurate answers it would be helpful if you could provide details like: - Platform details: OS, jdk/jre, apache-tomcat version... - "I went through documentation" which one? perhaps https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter - "my web

cors filter in WEB-INF/web.xml

2018-07-28 Thread masber masber
Dear Apache Tomcat community, I am learning Tomcat and would like to create a CORS filter. I went through the documentation and added the code suggested, but my web client still complains. This is the content of my web.xml file: Archetype Created Web Application

Re: [EXTERNAL] Re: Configuring CORS filter

2018-06-20 Thread Bradley, Richard
> > [FID 23621] > > > > Apache Software Foundation reports this in annou...@tomcat.apache.org > > <https://lists.apache.org/list.html?annou...@tomcat.apache.org>: > > > > CVE-2018-8014 Insecure defaults for CORS filter > > > > and the only mitigation is

Re: Configuring CORS filter

2018-06-20 Thread Mark Thomas
rior To 8.5.32 > [FID 23621] > > Apache Software Foundation reports this in annou...@tomcat.apache.org > <https://lists.apache.org/list.html?annou...@tomcat.apache.org>: > > CVE-2018-8014 Insecure defaults for CORS filter > > and the only mitigation is to "Conf

Configuring CORS filter

2018-06-20 Thread Bradley, Richard
...@tomcat.apache.org <https://lists.apache.org/list.html?annou...@tomcat.apache.org>: CVE-2018-8014 Insecure defaults for CORS filter and the only mitigation is to "Configure the filter appropriately for your environment" My question is: What if you don't have a CORS filter configured anywhe

[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter

2018-05-16 Thread Mark Thomas
CVE-2018-8014 Insecure defaults for CORS filter Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.8 Apache Tomcat 8.5.0 to 8.5.31 Apache Tomcat 8.0.0.RC1 to 8.0.52 Apache Tomcat 7.0.41 to 7.0.88 Description: The default settings for the CORS

Tomcat CORS filter not allowing origin with file:// when resource access done from WebView

2016-08-19 Thread Chandrashekar H . S
Hi, We are facing a problem in tomcat cors filter. Below is the filter configurations added in web.xml for cors request processing. CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT

Re: Cors-Filter

2016-02-26 Thread RICHARD DOUST
> On Feb 26, 2016, at 3:40 PM, Christopher Schultz > wrote: > > Jose, > > On 2/26/16 7:08 AM, Jose María Zaragoza wrote: >> 2016-02-26 9:08 GMT+01:00 RICHARD DOUST : >>> My question is, why

Re: Cors-Filter

2016-02-26 Thread Christopher Schultz
Jose, On 2/26/16 7:08 AM, Jose María Zaragoza wrote: > 2016-02-26 9:08 GMT+01:00 RICHARD DOUST : >> My question is, why doesn't it work, or, how can I debug it? > > Have you tested allowing all origins (default option)? Only for

Re: Cors-Filter

2016-02-26 Thread Jose María Zaragoza
2016-02-26 9:08 GMT+01:00 RICHARD DOUST : > My question is, why doesn't it work, or, how can I debug it? Have you tested allowing all origins (default option)? Only for testing purposes, I mean: cors.allowed.origins * At first sight, your settings should work, but ... > I

Re: Cors-Filter

2016-02-26 Thread tomcat
Hi. On this list, it is preferred to not top-post, but respond in-line or below the previous intervention. Re : http://tomcat.apache.org/lists.html#tomcat-users -> important -> 6 It makes it easier to follow the conversation, and for people with small screens, to avoid scrolling up and down

Re: Cors-Filter

2016-02-26 Thread RICHARD DOUST
There's no doubt in my mind that this is considered a cross-domain request. The question is, why is it not being allowed given the configuration. The domain that requested the original page (via http) is specifically set to be allowed to access the site in a cross-domain scenario. My question

Re: Cors-Filter

2016-02-25 Thread tomcat
On 25.02.2016 22:59, RICHARD DOUST wrote: Hi, I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more than that. It’s installed on a Windows computer running Windows Server 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a client’s box. I’m

Cors-Filter

2016-02-25 Thread RICHARD DOUST
Hi, I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more than that. It’s installed on a Windows computer running Windows Server 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a client’s box. I’m trying to migrate an application to

Re: TOMCAT 7 , Native CORS FILTER and Spring Security

2015-07-28 Thread Christopher Schultz
Maatari, On 7/23/15 10:49 AM, Maatari Daniel Okouya wrote: Hi, I am using TOMCAT 7, and I have enabled the CORS FILTER as per the explanation on the official website: https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

TOMCAT 7 , Native CORS FILTER and Spring Security

2015-07-23 Thread Maatari Daniel Okouya
Hi, I am using TOMCAT 7, and I have enabled the CORS FILTER as per the explanation on the official website: https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter I use the actual configuration: <filter> <filter-name>CorsFilter</filter-name> <filter

Fw: TOMCAT 7 , Native CORS FILTER and Spring Security

2015-07-23 Thread Maatari Daniel Okouya
-- Maatari Daniel Okouya Sent with Airmail On July 23, 2015 at 10:49:19 AM, Maatari Daniel Okouya (okouy...@yahoo.fr) wrote: Hi, I am using TOMCAT 7, and I have enabled the CORS FILTER as per the explanation on the official website: https://tomcat.apache.org/tomcat-7.0-doc/config

CORS-Filter for all webapps?

2015-02-24 Thread Geod Master
' is therefore not allowed access. The response had HTTP status code 500. What I thought is if I configure the web.xml in Tomcat/conf it should be valid for all webapps and also deegree. Am I wrong? Also if I put the CORS-Filter in Tomcat/webapps/deegree-webservices-3.3.13/web-inf/web.xml it doesn't

Re: Tomcat CORS Filter: Why is the default list of headers in Access-Control-Allow-Headers so arbitrarily limited?

2015-02-09 Thread Christopher Schultz
Brian, On 2/7/15 12:21 PM, Brian wrote: Tomcat brings a special filter that implements the CORS specification. In this filter, the default list of allowed headers is the following: Origin Accept X-Requested-With Content-Type

Tomcat CORS Filter: Why is the default list of headers in Access-Control-Allow-Headers so arbitrarily limited?

2015-02-07 Thread Brian
Hi, Tomcat brings a special filter that implements the CORS specification. In this filter, the default list of allowed headers is the following: Origin Accept X-Requested-With Content-Type Access-Control-Request-Method Access-Control-Request-Headers I know that I can replace that