Hi,

Yeah, it's risky and you should only use it in a test env, and when you use a 
browser to load some local XML file and send it to localhost you are actually 
in test, right? But this way generally breaks CORS; this way is unsafe from 
the very beginning.


And your server can set some HTTP headers on the response message, like

            headers.put("Access-Control-Allow-Origin", Arrays.asList("*"));
            headers.put("Access-Control-Allow-Methods", Arrays.asList("POST", "GET"));

This way works if the browser is Firefox or Safari; however, due to the Chrome 
bug I mentioned before, it doesn't work for Chrome.
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: @Freeman小屋



On 2013-6-17, at 1:28 PM, VineetKK123 wrote:

> If I use --disable-web-security my browser would be open to everyone in the
> world. Would this cause any security problems?
> 
> If I add “Access-Control-Allow-Origin” and “Access-Control-Allow-Headers” in
> request headers in my "Processor" that is implemented in Camel it allows the
> request to reach the service layer. The response, however, faces issues. Is
> there any way that I can set such parameters while sending the response?
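
An allowlist-based variant of the response headers shown in the reply above, as an added example that is not part of the original thread or of Camel/ServiceMix code. The class name CorsResponseHeaders, the allowlisted origins and the allowed request-header list are assumptions made for illustration; the map has the same shape as the headers map in the reply.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical helper, not part of Camel, CXF or ServiceMix.
public class CorsResponseHeaders {

    // Constructed allowlist; replace with the origins that really serve your client pages.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "http://localhost:8080", "https://app.example.test"));
    private static final List<String> ALLOWED_METHODS = Arrays.asList("POST", "GET");
    private static final List<String> ALLOWED_HEADERS = Arrays.asList("Content-Type");

    /**
     * Builds the CORS headers to put on a response.
     * origin: value of the request's Origin header, or null if the header is absent.
     * preflight: true when the request is an OPTIONS preflight.
     */
    public static Map<String, List<String>> build(String origin, boolean preflight) {
        Map<String, List<String>> headers = new LinkedHashMap<>();
        // Caches must not reuse a response across different origins.
        headers.put("Vary", Collections.singletonList("Origin"));
        // A page opened from file:// sends the literal string "null" as its Origin.
        // It is not allowlisted here; serve the test page from http://localhost instead.
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return headers; // no Allow-Origin header, so the browser blocks the cross-origin read
        }
        // Echo the single matching origin instead of "*".
        headers.put("Access-Control-Allow-Origin", Collections.singletonList(origin));
        if (preflight) {
            headers.put("Access-Control-Allow-Methods", ALLOWED_METHODS);
            headers.put("Access-Control-Allow-Headers", ALLOWED_HEADERS);
        }
        return headers;
    }

    public static void main(String[] args) {
        System.out.println(build("http://localhost:8080", true));     // allowlisted preflight
        System.out.println(build("http://other.example.test", true)); // origin not allowlisted
        System.out.println(build("null", false));                     // page loaded from file://
    }
}
```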
