CORS headers created by Grizzly not always recognised by client

Question

A Grizzly server is running on localhost:8080 that uses Jersey to offer a REST interface.

The CorsFilter class is responsible for creating CORS headers. It is added to the resource config of the GrizzlyServer:

final ResourceConfig rc = new ResourceConfig()
                          .packages("my.application.api.rest")
                          .register(new CorsFilter());
GrizzlyHttpServerFactory.createHttpServer(uri, rc); // uri defined earlier

Here is the CorsFilter class as found in another post:

@Provider
public class CorsFilter implements ContainerResponseFilter {

    private final String HEADERS = "Origin, Content-Type, Accept";
    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
        response.getHeaders().add("Access-Control-Allow-Origin", "*");
        response.getHeaders().add("Access-Control-Allow-Headers", HEADERS);
        response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
    }
}

There are two classes representing REST handlers: my.application.api.rest.A.class my.application.api.rest.B.class

Both resources A and B have a POST handler:

@Path("/A")
public class A {
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    public Response handlePost()
    {
        Object payload = getPayload();
        return Response.ok(payload).build();
    }
}

B looks similar to A.

The client is an AngularJS based web application hosted at a local node server from localhost:3000. The POSTs to /A and /B are done using Restangular:

Restangular.all('A').post({
    key: value
});

While POST to A is executed by all available browsers (Chrome, Safari, Firefox), the same POST to B is not executed due to the following error:

XMLHttpRequest cannot load http://localhost:8080/myapplication/B. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 500.

I assume that the headers added by CorsFilter are getting lost somewhere.

POSTs with Postman to A and B work well and the header "Access-Control-Allow-Origin: *" is always present.

Testing with chrome? - http://stackoverflow.com/a/10892392/775715 — Joakim Erdfelt, Oct 19 '16 at 17:31
@JoakimErdfelt no, not only. Browsers are Safari, Chrome and Firefox — JCvanDamme, Oct 20 '16 at 08:52

score 0 · Answer 1 · answered Oct 20 '16 at 15:12

0

Instead of using restangular's post() method I had to use the customPOST() method.

answered Oct 20 '16 at 15:12

JCvanDamme

621
5
20

CORS headers created by Grizzly not always recognised by client

1 Answers1