This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1019540 - Fix CORS headers added to exception responses
Fix CORS headers added to exception responses
Product: PressGang CCMS
Classification: Community
Component: REST-API (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 1.2
Assigned To: Lee Newson
Depends On:
  Show dependency treegraph
Reported: 2013-10-15 23:03 EDT by Matthew Casperson
Modified: 2014-08-04 18:27 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-10-17 19:44:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matthew Casperson 2013-10-15 23:03:37 EDT
In order for a JavaScript client to read custom headers, like X-PressGang-Version (which is critical to allowing the client to fail over), the Access-Control-Allow-Origin and Access-Control-Expose-Headers headers need to be set.

Right now, Access-Control-Allow-Origin is set to *. This needs to be fixed to use the CORS filter.
Comment 1 Lee Newson 2013-10-16 03:42:38 EDT
Fixed the headers properly in 1.2-SNAPSHOT build 201310161728.

The problem was caused by the way resteasy handles exceptions. When resteasy catches an exception it completely creates a new HTTP Response which means that any headers set by a filter upstream of the request will be lost. As such I've setup the exception mappers to copy the headers from the original response into the new error response.
Comment 3 Matthew Casperson 2013-10-16 16:51:25 EDT
Confirmed that HTTP error responses include the required headers.

Note You need to log in before you can comment on or make changes to this bug.