Bug 1019540

Summary: Fix CORS headers added to exception responses
Product: [Community] PressGang CCMS Reporter: Matthew Casperson <mcaspers>
Component: REST-APIAssignee: Lee Newson <lnewson>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.2CC: cbredesen, lnewson
Target Milestone: ---   
Target Release: 1.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-17 23:44:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Casperson 2013-10-16 03:03:37 UTC 
In order for a JavaScript client to read custom headers, like X-PressGang-Version (which is critical to allowing the client to fail over), the Access-Control-Allow-Origin and Access-Control-Expose-Headers headers need to be set.

Right now, Access-Control-Allow-Origin is set to *. This needs to be fixed to use the CORS filter.
Comment 1 Lee Newson 2013-10-16 07:42:38 UTC 
Fixed the headers properly in 1.2-SNAPSHOT build 201310161728.

The problem was caused by the way resteasy handles exceptions. When resteasy catches an exception it completely creates a new HTTP Response which means that any headers set by a filter upstream of the request will be lost. As such I've setup the exception mappers to copy the headers from the original response into the new error response.
Comment 3 Matthew Casperson 2013-10-16 20:51:25 UTC 
Confirmed that HTTP error responses include the required headers.