Re: About cxf CORS with setRequestHeader or without setRequestHeader

Doan Tin Nghia Fri, 30 May 2014 17:38:17 -0700

Hi,
You were sending the custom header request so it actually consists of two
requests, the first one called "preflight request" with OPTIONS method and
the second one is your actual request. Therefore I guess that you need to
implement the OPTIONS in your rest service.


Nghia Doan



On Fri, May 30, 2014 at 12:29 PM, snake0zero <[email protected]> wrote:

> I just used ajax to access my rest service by cxf, but some issues was
> happened :
>
> In my cxf I just set CORSInterceptor as below:
>
> public void handleMessage(Message message) throws Fault {
>     Map<String, List&lt;String>> headers =
> Headers.getSetProtocolHeaders(message);
>     try {
>         //Access-Control-Allow-Origin:*
> Access-Control-Allow-Methods:POST,GET
>         headers.put("Access-Control-Allow-Origin", Arrays.asList("*"));
>         headers.put("Access-Control-Allow-Methods", Arrays.asList("POST",
> "GET", "PUT"));
>         headers.put("Access-Control-Allow-Headers",
> Arrays.asList("Content-Type", "Session-Id"));
>     } catch (Exception ce) {
>         throw new Fault(ce);
>     }
> }
>
>
> In my ajax it successfully access rs if I don't set request header as blew:
>
> $.ajax({
>             type:'get',
>             async:'true',
>             url: all_url,
>             beforeSend:function(request){console.log('loading...');},
>             success:function(data){
>
>             },
>             error:function(){
>                 console.log("Server is busy, Please try later[getAlarmList
> exception]");
>             }
>         });
>
> anyway, if I add request header like this:
>
> $.ajax({
>             type:'get',
>             async:'true',
>             url: all_url,
>
>
> beforeSend:function(request){console.log('loading...');request.setRequestHeader("Session-Id",
> "NBA ACTION");},
>             success:function(data){
>
>             },
>             error:function(){
>                 console.log("Server is busy, Please try later[getAlarmList
> exception]");
>             }
>         });
>
> i am facing this error "No 'Access-Control-Allow-Origin' header is present
> on the requested resource. Origin 'localhost URL' is therefore not allowed
> access."
>
> So, i doubt why using request.setRequestHeader cause this issues, is
> anything restricted by use custom http header to access cross-domain?
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/About-cxf-CORS-with-setRequestHeader-or-without-setRequestHeader-tp5744552.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

Re: About cxf CORS with setRequestHeader or without setRequestHeader

Reply via email to