quarkus.http.cors.origins=* should be supported
Describe the bug
When I read the documentation about configuring CORS for the first time, I thought that leaving “quarkus.http.cors.origins” as empty would be the same as “Access-Control-Allow-Origin: *”. The * wildcard allows any origin to access resources.
Furthermore, a value of “*” is currently not supported. See CORSFilter.java#L93.
boolean allowsOrigin = corsConfig.origins.isEmpty() || corsConfig.origins.contains(origin);
We should try to improve the documentation to reflect what is actually going on in the filter.
Expected behavior
For requests without credentials, the literal value “*” can be specified, as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource.
If I use “*” as wildcard, I expect quarkus to allow any origin to access my resources. If I remove “quarkus.http.cors.origins” in my configuration, I expect quarkus to use “*” as default. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
Actual behavior
Requests get rejected, although quarkus.http.cors.origins is set to “*”.
Configuration
quarkus.http.cors=true
quarkus.http.cors.origins=*
Environment (please complete the following information):
- Output of uname -a or ver: SYS_NT-10.0 DESKTOP-0TKUM9I 2.11.2(0.329/5/3) 2018-11-10 14:38 x86_64 Msys
- Output of java -version: java version “1.8.0_211” Java™ SE Runtime Environment (build 1.8.0_211-b12) Java HotSpot™ 64-Bit Server VM (build 25.211-b12, mixed mode)
- Quarkus version or git rev: 1.0.0.CR1
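The origin check discussed in the issue, as an added example that is not part of the original issue and not Quarkus code: it runs the quoted check next to a wildcard-aware variant. The class name, method names and sample origins are hypothetical, and limiting “*” to requests without credentials is an assumption of this sketch taken from the MDN rule quoted in the issue.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added illustration: class, method names and sample origins are hypothetical,
// not Quarkus code.
public class CorsOriginCheck {

    // The check quoted in the issue: an empty list allows every origin,
    // otherwise the request origin must be a literal element of the list.
    static boolean currentCheck(List<String> origins, String origin) {
        return origins.isEmpty() || origins.contains(origin);
    }

    // Wildcard-aware variant. Returns the Access-Control-Allow-Origin value,
    // or null when the origin is refused.
    static String allowOriginHeader(List<String> origins, String origin, boolean credentials) {
        if (origins.contains(origin)) {
            return origin; // explicitly listed: echo the concrete origin
        }
        boolean any = origins.isEmpty() || origins.contains("*");
        // Assumption of this sketch: "*" only applies to requests without
        // credentials, so an unlisted origin is never echoed with credentials.
        return (any && !credentials) ? "*" : null;
    }

    public static void main(String[] args) {
        String origin = "https://app.example"; // constructed sample origin
        List<String> wildcard = Arrays.asList("*");
        List<String> listed = Arrays.asList("https://app.example");
        List<String> empty = Collections.emptyList();

        // Behaviour reported in the issue: "*" is compared as a literal string.
        System.out.println("current, origins=*      : " + currentCheck(wildcard, origin));
        System.out.println("current, origins unset  : " + currentCheck(empty, origin));
        System.out.println("current, origins listed : " + currentCheck(listed, origin));

        System.out.println("header, *, no creds     : " + allowOriginHeader(wildcard, origin, false));
        System.out.println("header, *, creds        : " + allowOriginHeader(wildcard, origin, true));
        System.out.println("header, listed, creds   : " + allowOriginHeader(listed, origin, true));
        System.out.println("header, unset, no creds : " + allowOriginHeader(empty, origin, false));
    }
}
```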
@sberyozkin I will try to create one this evening (CET).
@gastaldi Now, to complete this task, do you want to add changes in the new version? I can do it in the coming days.