Darshan Mehta
Reputation: 30839
Jersey : 'Access-Control-Allow-Origin' header gets encoded
From my site's user interface, I call back end API that is running through Jersey HK2 and I have following code in the filter:
final String origin = httpRequest.getHeader("origin");
httpResponse.addHeader("Access-Control-Allow-Origin", origin);
Now, I see the following headers being sent and received in Chrome's developer toolbar:
Request Headers:
Origin: https://example.com:8443
Response Headers:
Access-Control-Allow-Origin: https%3A%2F%example.com%3A8443
I want to avoid escaping/encoding of non-alphanumeric characters. Do I need to change anything in the implementation?
Upvotes: 0
Views: 20
Answers (1)
Tarun Aghara
Reputation: 43
Can you check that the httpRequest.getHeader("origin") value is correctly retrieved and is not encoded. Log the origin value to confirm its format.
System.out.println("Origin Header: " + origin); // For debugging
If it's encoded can you decode and add
final String origin = java.net.URLDecoder.decode(httpRequest.getHeader("origin"), "UTF-8");
Upvotes: 0
Related Questions
- S3 - Access-Control-Allow-Origin Header
- Wordpress API - Ionic GET - The 'Access-Control-Allow-Origin' header contains multiple values '*, *'
- Set cookies for cross origin requests
- Access-Control-Allow-Origin header not working - What am I doing wrong?
- Access Control Request Headers, is added to header in AJAX request with jQuery
- AJAX POST call with application/json contentType gets "no 'Access-Control-Allow-Origin' header" error
- What exactly does the Access-Control-Allow-Credentials header do?
- GAE(Spring Boot App) CORS check not returning Access-Control-Allow-Origin header
- Understanding Access-Control-Allow-Origin and caching
- Cross-Origin Request Blocked, angularjs rest call to jersey api