CorsFilter setAllowedOrigins(*) redundancy

Is there any reason to write

corsFilter.setAllowedOrigins(new HashSet<String>(Arrays.asList("*")));

where the definition of allowedOrigins in the Restlet framework is

private Set<String> allowedOrigins = SetUtils.newHashSet("*");

Another question – when I write the above line, I get an error running my app. For some reason I get duplicate origin, and the client refuses to accept it – in the request I can see “*” and the domain name where I sent the request from.

How does this duplication can happen, and what is the best way to deal with it?

Answer

You’re right, there is no need to provide this value as it is already the default one. Could you tell me where you read that such value must be set?

I don’t understand what really happens with the second part of your question, as I’m not able to reproduce it (with CorsFilter, or CorsService).

Could you try using the CorsService instead? This service helps to configure the Cors feature, and is integrated in the list of services either of the Application, or the Component, for example in the constructor of the application:

public TestCorsApplication() {
    CorsService corsService = new CorsService();
    corsService.setAllowedCredentials(true);
    corsService.setSkippingResourceForCorsOptions(true);

    getServices().add(corsService);
}

Leave a Reply

Your email address will not be published. Required fields are marked *