Darshan Mehta
Darshan Mehta

Reputation: 30839

Jersey : 'Access-Control-Allow-Origin' header gets encoded

From my site's user interface, I call back end API that is running through Jersey HK2 and I have following code in the filter:

final String origin = httpRequest.getHeader("origin");
httpResponse.addHeader("Access-Control-Allow-Origin", origin);

Now, I see the following headers being sent and received in Chrome's developer toolbar:

Request Headers:
Origin: https://example.com:8443

Response Headers:
Access-Control-Allow-Origin: https%3A%2F%example.com%3A8443

I want to avoid escaping/encoding of non-alphanumeric characters. Do I need to change anything in the implementation?

Upvotes: 0

Views: 20

Answers (1)

Tarun Aghara
Tarun Aghara

Reputation: 43

Can you check that the httpRequest.getHeader("origin") value is correctly retrieved and is not encoded. Log the origin value to confirm its format.

System.out.println("Origin Header: " + origin); // For debugging

If it's encoded can you decode and add

final String origin = java.net.URLDecoder.decode(httpRequest.getHeader("origin"), "UTF-8");

Upvotes: 0

Related Questions