user3579222

Reputation: 1430

Missing Header in HTTP Response due to CORS

I am using an embedded Jetty via Maven with version <jetty.version>9.4.19.v20190610</jetty.version>

I use a CORS Filter as follows:

        FilterHolder holder = new FilterHolder(CrossOriginFilter.class);
        holder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
        holder.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
        holder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,POST,HEAD,PUT,DELETE,OPTIONS");
        holder.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_METHODS_HEADER, "*");
        holder.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_HEADERS_HEADER, "true");
        holder.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM,
                "Access-Control-Request-Method,x-csrftoken,ClientKey,If-None-Match,Access-Control-Request-Headers,Authorization,X-Requested-With,Prefer,Content-Type,X-Auth-Token,Accept,Origin,X-Requested-With,Pragma,Refer,Referer,User-Agent,Host,Connection,Cache-Control,Accept-Language,Accept-Encoding,Content-Length,sec-fetch-mode,sec-fetch-site");
        holder.setName("cross-origin");


        staticServletHandler.addFilter(holder, "/*", EnumSet.of(DispatcherType.REQUEST));

I am able to query the REST endpoint which is hosted by Jetty from any server without a CORS error. I am using the following JS (with jQuery) code for accessing the endpoint (I am running the code in Chrome):

$.ajax({
    type: 'Get',
    cache: false,
    dataType: 'json',
    url: myurl,
    success: ((data, textstatus, request) => {
        this.etag = request.getResponseHeader('E-Tag'); // null if JS is executed on another server
    }),
});

If I host the JS code on the Jetty I am additionally able to access the E-Tag; if I host the code on another server I GET THE DATA but NOT THE E-TAG. So if the JS code is located on the same server as the endpoint then I get the response header. If it is located on a different server the headers are removed. Hence, I guess that this is a CORS error (I don't get an error). How do I have to configure Jetty so that it works for remote requests?

Additional information: I create the E-Tag header on Jetty as follows:

return Response.status(200).entity(status).header("E-Tag","abc").build();

EDIT: I added the following line:

holder.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_EXPOSE_HEADERS_HEADER, "Content-Length, X-Kuma-Revision, E-Tag");

but the E-Tag header is still missing. The server definitely adds the header to the response as the following screenshot of Postman shows.


Upvotes: 0

Views: 741

Answers (1)

Pardhu

Reputation: 6062

For requests from another server to access the headers, the Access-Control-Expose-Headers header needs to be sent along with the response. The value of the header should be a comma-separated list of the header names that you want to be exposed.

Example: Access-Control-Expose-Headers: Content-Length, X-Kuma-Revision

Refer to the Mozilla Developer link for more information and clarity.

Implementation: Add the following init parameter:

holder.setInitParameter(CrossOriginFilter.EXPOSED_HEADERS_PARAM, "Content-Length, X-Kuma-Revision, E-Tag");

Upvotes: 1
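
The browser-side rule this answer relies on, shown as an added example that is not part of the original question or answer: a simplified model of the Fetch standard's filtering of cross-origin response headers. `readableHeaders` and `getResponseHeader` are hypothetical helper names, and the sample responses are constructed from the header name and value in the question.

```javascript
// Headers script may always read on a CORS response (Fetch standard safelist).
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);
// Never readable by script, whatever the server exposes.
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']);

// headers: plain object of response headers as sent by the server.
// withCredentials: true if the request included credentials.
function readableHeaders(headers, withCredentials = false) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  const exposed = (lower['access-control-expose-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  // "*" exposes everything only for requests without credentials.
  const wildcard = !withCredentials && exposed.includes('*');
  const allowed = new Set([...SAFELISTED, ...exposed]);
  const visible = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN.has(name)) continue;
    if (wildcard || allowed.has(name)) visible[name] = value;
  }
  return visible;
}

// Mimics request.getResponseHeader(name) for a cross-origin response.
function getResponseHeader(headers, name, withCredentials = false) {
  const v = readableHeaders(headers, withCredentials)[name.toLowerCase()];
  return v === undefined ? null : v;
}

// Constructed sample responses (header name and value taken from the question).
const withoutExpose = {
  'Content-Type': 'application/json',
  'Access-Control-Allow-Origin': '*',
  'E-Tag': 'abc',
};
const withExpose = {
  ...withoutExpose,
  'Access-Control-Expose-Headers': 'Content-Length, X-Kuma-Revision, E-Tag',
};

console.log(getResponseHeader(withoutExpose, 'E-Tag')); // null
console.log(getResponseHeader(withExpose, 'E-Tag'));    // abc
```

In Jetty's `CrossOriginFilter`, `EXPOSED_HEADERS_PARAM` is the init parameter name the filter reads, whereas `ACCESS_CONTROL_EXPOSE_HEADERS_HEADER` is only the response header's name. With allowed origins set to `*`, every exposed header is readable by script on any site, so list only the headers the client needs.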
