Reputation: 30839
From my site's user interface, I call back end API that is running through Jersey HK2 and I have following code in the filter:
final String origin = httpRequest.getHeader("origin");
httpResponse.addHeader("Access-Control-Allow-Origin", origin);
Now, I see the following headers being sent and received in Chrome's developer toolbar:
Request Headers:
Origin: https://example.com:8443
Response Headers:
Access-Control-Allow-Origin: https%3A%2F%example.com%3A8443
I want to avoid escaping/encoding of non-alphanumeric characters. Do I need to change anything in the implementation?
Upvotes: 0
Views: 20
Reputation: 43
Can you check that the httpRequest.getHeader("origin") value is correctly retrieved and is not encoded. Log the origin value to confirm its format.
System.out.println("Origin Header: " + origin); // For debugging
If it's encoded can you decode and add
final String origin = java.net.URLDecoder.decode(httpRequest.getHeader("origin"), "UTF-8");
Upvotes: 0