CORS protection active when same-origin

Describe the bug

Trying to make a frontend work by using your API but I keep getting rejected because CORS Filters are still active.

ApiServer == localhost:3455 HttpServer Frontend = localhost:1234

Because it's the same domain and CORS is active, I get “Same-Origin” CORS back.

I tried to overwrite your ApiServer class to make it work but this undertow-cors-filter is garbage and not working.

They found a solution here:

https://stackoverflow.com/questions/42066845/how-to-enable-access-control-allow-origin-in-undertow

but that would mean I have to overwrite your AbsSessionHandler.class. At that point I gave up, otherwise I needed to rewrite your whole API 😛

Could you please add this to your AbsSessionHandler.class:

exchange.getResponseHeaders().put(new HttpString("Access-Control-Allow-Origin"), "*");
exchange.getResponseHeaders().put(new HttpString("Access-Control-Allow-Methods"), "GET, POST, PUT, DELETE");
exchange.getResponseHeaders().put(new HttpString("Access-Control-Allow-Headers"), "*");
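An allowlist variant of the three headers requested above, added here as an example and not code from the issue or the project: a wrapper `HttpHandler` that returns `Access-Control-Allow-Origin` only for listed origins and answers preflight `OPTIONS` requests itself. The class name `CorsAllowlistHandler`, the 403 response for unlisted origins and the allowed request-header list are assumptions.

```java
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import io.undertow.util.Methods;
import io.undertow.util.StatusCodes;
import java.util.HashSet;
import java.util.Set;

// Added example: hypothetical wrapper class, not part of the project.
public final class CorsAllowlistHandler implements HttpHandler {
    private static final HttpString ALLOW_ORIGIN = new HttpString("Access-Control-Allow-Origin");
    private static final HttpString ALLOW_METHODS = new HttpString("Access-Control-Allow-Methods");
    private static final HttpString ALLOW_HEADERS = new HttpString("Access-Control-Allow-Headers");
    private static final HttpString REQUEST_METHOD = new HttpString("Access-Control-Request-Method");

    private final HttpHandler next;
    private final Set<String> allowedOrigins; // e.g. "http://localhost:1234"

    public CorsAllowlistHandler(HttpHandler next, Set<String> allowedOrigins) {
        this.next = next;
        this.allowedOrigins = new HashSet<>(allowedOrigins);
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        String origin = exchange.getRequestHeaders().getFirst(Headers.ORIGIN);
        // An origin is scheme + host + port, so localhost:1234 and
        // localhost:3455 are different origins; match the exact string.
        boolean allowed = origin != null && allowedOrigins.contains(origin);
        // The response depends on Origin, so caches must key on it.
        exchange.getResponseHeaders().add(Headers.VARY, "Origin");
        if (allowed) {
            exchange.getResponseHeaders().put(ALLOW_ORIGIN, origin);
        }
        // A preflight is an OPTIONS request carrying Origin and
        // Access-Control-Request-Method; answer it without calling the API.
        if (Methods.OPTIONS.equals(exchange.getRequestMethod()) && origin != null
                && exchange.getRequestHeaders().contains(REQUEST_METHOD)) {
            if (allowed) {
                exchange.getResponseHeaders().put(ALLOW_METHODS, "GET, POST, PUT, DELETE");
                exchange.getResponseHeaders().put(ALLOW_HEADERS, "Content-Type, Authorization");
            }
            exchange.setStatusCode(allowed ? StatusCodes.NO_CONTENT : StatusCodes.FORBIDDEN);
            exchange.endExchange();
            return;
        }
        next.handleRequest(exchange);
    }
}
```

Wrapping the handler the server already installs, with `http://localhost:1234` (the frontend address from the report) as the only allowed origin, covers the setup described here without changing `AbsSessionHandler`.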

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 12 (12 by maintainers)

Top GitHub Comments

1 reaction
devgianlu commented, Mar 20, 2020

Since undertow lacks the simplest features of an http server I have no choice but to rewrite the API (using spring boot 2)

I don’t think I will accept a rewrite of the API. Undertow allows for a much larger level of flexibility (in my opinion) and the API is very lightweight.

Allowing any origin is just fine.

1 reaction
spocon commented, Mar 19, 2020

Hi lkwg82,

That would be an integration test then, because with a normal JUnit test there is nothing to test. We would need to install a REST client like Rest Assured, run a server, and check whether the Allow Origin is in the response. That's quite a lot of work and at least 3 more test packages in the pom for such a small task. I made a manual test instead and checked if it works.
