Hi, I have a single page application running in the browser that interacts with a cxf rest api. The application javascript code and the REST api are served by different servers so I configured CrossOriginResourceSharingFilter and everything works fine.
However in order to workaround an issue with a proxy not supporting PATCH method I configured my client code to rewrite PATCH request to POST + X-HTTP-Method-Override:PATCH. The problem is that POST + X-HTTP-Method-Override:PATCH doesn't seem to play well with CrossOriginResourceSharingFilter because CrossOriginResourceSharingFilter tries to lookup a REST resource doing POST instead of PATCH and so the preflight request is rejected. Looking at the CrossOriginResourceSharingFilter code I found the there is a findResourceMethod configuration can be used to skip the lookup of the resource method and it seems to work when I configure findResourceMethod=true. So I have 3 questions: - Is this property supposed to be used for such situations? - What do I loose when configuring findResourceMethod=true except the check that ? - Shouldn't CrossOriginResourceSharingFilter skip or loosen the resource lookup by default if the preflight request contains a X-HTTP-Method-Override in "Access-Control-Request-Headers"? Thanks, -Seb
