[Improvement] Add cors filter for Jetty server #42
Assignees
Labels
Milestone
Comments
|
@qqqttt123 assigned this to you. |
Ok, I got it. |
This was referenced Dec 18, 2023
qqqttt123
added a commit
that referenced
this issue
Dec 22, 2023
### What changes were proposed in this pull request? I wrap the cors filter of Jetty as our system internal filter. Most default values respect the default values of the cors filter of Jetty. I only change the default value of `AllowMethods`.The origin default value is `PUT,GET,POST,HEAD`. Because we usually use `DELETE` method, too. I change it to `PUT,GET,POST,HEAD,DELETE`. ### Why are the changes needed? Fix: #42 ### Does this PR introduce _any_ user-facing change? yes, I have added the document. ### How was this patch tested? UT + manual test ``` var http = new XMLHttpRequest(); var url = 'http://localhost:8090/api/version'; http.onreadystatechange = (e) => { console.log(http.responseText) } http.open("GET", url); http.send(); ``` --------- Co-authored-by: Heng Qin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be improved?
To improve the security and avoid attacks to our embedded server, we should add cors filter support for our Jetty server.
How should we improve?
Implement a cors filter and register into Jetty should be enough.
The text was updated successfully, but these errors were encountered: