Chris,
On 9/28/20 02:40, Christopher Schultz wrote:
Carsten,
On 9/27/20 05:53, Carsten Klein wrote:
Any comments on that? Is it worth preparing a PR?
Regular expressions are fairly expensive.
Yes, but my measurements of the HashSet-lookups were wrong, since
hashValue() of a String gets
Carsten,
On 9/27/20 05:53, Carsten Klein wrote:
> Any comments on that? Is it worth preparing a PR?
Regular expressions are fairly expensive.
If there is a way to build the code such that some subset of wildcards
can be serviced without regex (and of course exact matches without using
regex),
Any comments on that? Is it worth preparing a PR?
Hi there,
I'd like to contribute a CORS filter enhancement, making it accept both
wildcard-based and 'regular expression'-based expressions for its
allowed origins list.
I know this from a project based on Jetty, which has support for, at
least, simple wildcard matching (*). Specifying
Hello Masber,
In order to get accurate answers it would be helpful if you could provide
details like:
- Platform details: OS, jdk/jre, apache-tomcat version...
- "I went through documentation" which one? perhaps
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter
- "my web
Dear Apache Tomcat community,
I am learning Tomcat and would like to create a CORS filter, I went through the
documentation and added the code suggested but my web client still complains.
This is the content of my web.xml file:
Archetype Created Web Application
> > [FID 23621]
> >
> > Apache Software Foundation reports this in annou...@tomcat.apache.org
> > <https://lists.apache.org/list.html?annou...@tomcat.apache.org>:
> >
> > CVE-2018-8014 Insecure defaults for CORS filter
> >
> > and the only mitigation is
rior To 8.5.32
> [FID 23621]
>
> Apache Software Foundation reports this in annou...@tomcat.apache.org
> <https://lists.apache.org/list.html?annou...@tomcat.apache.org>:
>
> CVE-2018-8014 Insecure defaults for CORS filter
>
> and the only mitigation is to "Conf
...@tomcat.apache.org
<https://lists.apache.org/list.html?annou...@tomcat.apache.org>:
CVE-2018-8014 Insecure defaults for CORS filter
and the only mitigation is to "Configure the filter appropriately for your
environment"
My question is:
What if you don't have a CORS filter configured anywhe
CVE-2018-8014 Insecure defaults for CORS filter
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.8
Apache Tomcat 8.5.0 to 8.5.31
Apache Tomcat 8.0.0.RC1 to 8.0.52
Apache Tomcat 7.0.41 to 7.0.88
Description:
The default settings for the CORS
Hi,
We are facing a problem in tomcat cors filter. Below is the filter
configurations added in web.xml for cors request processing.
CorsFilter
org.apache.catalina.filters.CorsFilter
cors.allowed.origins
*
cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT
> On Feb 26, 2016, at 3:40 PM, Christopher Schultz
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Jose,
>
> On 2/26/16 7:08 AM, Jose María Zaragoza wrote:
>> 2016-02-26 9:08 GMT+01:00 RICHARD DOUST :
>>> My question is, why
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jose,
On 2/26/16 7:08 AM, Jose María Zaragoza wrote:
> 2016-02-26 9:08 GMT+01:00 RICHARD DOUST :
>> My question is, why doesn't it work, or, how can I debug it?
>
> Have you tested allowing all origins (default option)? Only for
2016-02-26 9:08 GMT+01:00 RICHARD DOUST :
> My question is, why doesn't it work, or, how can I debug it?
Have you tested allowing all origins (default option)? Only for
testing purposes, I mean:
cors.allowed.origins
*
At first sight, your settings should work, but ...
> I
Hi.
On this list, it is preferred to not top-post, but respond in-line or below the previous
intervention.
Re : http://tomcat.apache.org/lists.html#tomcat-users -> important -> 6
It makes it easier to follow the conversation, and for people with small screens, to avoid
scrolling up and down
There's no doubt in my mind that this is considered a cross-domain request. The
question is, why is it not being allowed given the configuration. The domain
that requested the original page (via http) is specifically set to be allowed
to access the site in a cross-domain scenario.
My question
On 25.02.2016 22:59, RICHARD DOUST wrote:
Hi,
I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more
than that. It’s installed on a Windows computer running Windows Server 2003
DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a
client’s box. I’m
Hi,
I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more
than that. It’s installed on a Windows computer running Windows Server 2003
DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a
client’s box. I’m trying to migrate an application to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Maatari,
On 7/23/15 10:49 AM, Maatari Daniel Okouya wrote:
Hi,
I am using TOMCAT 7, and I have enabled the CORS FILTER as per the
explanation on the official website:
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
Hi,
I am using TOMCAT 7, and I have enabled the CORS FILTER as per the explanation
on the official website:
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
I use the actual configuration:
<filter>
<filter-name>CorsFilter</filter-name>
filter
--
Maatari Daniel Okouya
Sent with Airmail
On July 23, 2015 at 10:49:19 AM, Maatari Daniel Okouya (okouy...@yahoo.fr)
wrote:
Hi,
I am using TOMCAT 7, and I have enabled the CORS FILTER as per the explanation
on the official website:
https://tomcat.apache.org/tomcat-7.0-doc/config
' is therefore not allowed access.
The response had HTTP status code 500.
What I thought is if I configure the web.xml in Tomcat/conf it should be
valid for all webapps and also deegree. Am I wrong? Also if I put the
CORS-Filter in Tomcat/webapps/deegree-webservices-3.3.13/web-inf/web.xml it
doesn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Brian,
On 2/7/15 12:21 PM, Brian wrote:
Tomcat brings a special filter that implements the CORS
specification. In this filter, the default list of allowed headers
is the following:
Origin Accept X-Requested-With Content-Type
Hi,
Tomcat brings a special filter that implements the CORS specification. In
this filter, the default list of allowed headers is the following:
Origin
Accept
X-Requested-With
Content-Type
Access-Control-Request-Method
Access-Control-Request-Headers
I know that I can replace that
24 matches