Red Hat Bugzilla – Bug 1019540
Fix CORS headers added to exception responses
Last modified: 2014-08-04 18:27:48 EDT
Right now, Access-Control-Allow-Origin is set to *. This needs to be fixed to use the CORS filter.
Fixed the headers properly in 1.2-SNAPSHOT build 201310161728.
The problem was caused by the way resteasy handles exceptions. When resteasy catches an exception it completely creates a new HTTP Response which means that any headers set by a filter upstream of the request will be lost. As such I've setup the exception mappers to copy the headers from the original response into the new error response.
Confirmed that HTTP error responses include the required headers.