Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue in enabling CORS in atmosphere client #1546

Closed
krishlakshmanan opened this issue Apr 4, 2014 · 4 comments
Closed

Issue in enabling CORS in atmosphere client #1546

krishlakshmanan opened this issue Apr 4, 2014 · 4 comments

Comments

@krishlakshmanan
Copy link

atmosphere-jquery-client version: "2.2.0-jquery"

Whenever the long-polling connection happens, the browser shows error as follows.

The 'Access-Control-Allow-Origin' header contains multiple values 'null, null', but only one is allowed. Origin 'null' is therefore not allowed access.

CORS Filter code :

   public class CorsFilter implements Filter{
private final Logger logger = LoggerFactory.getLogger(CorsFilter.class);

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
        throws IOException, ServletException {      
    HttpServletRequest req = (HttpServletRequest)request;                                   
    HttpServletResponse res = (HttpServletResponse)response;  

    if(req.getHeader("Origin") != null){
        res.setHeader("Access-Control-Allow-Origin", "*");
        res.addHeader("Access-Control-Expose-Headers", "X-Cache-Date, X-Atmosphere-tracking-id");
    }

    if("OPTIONS".equals(req.getMethod())){
        res.addHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST");
        res.addHeader("Access-Control-Allow-Headers",
                "Origin, Content-Type, X-Atmosphere-Framework, X-Cache-Date, X-Atmosphere-tracking-id, X-Atmosphere-Transport");
        res.addHeader("Access-Control-Max-Age", "-1");
    }                                              
    chain.doFilter(req, res);
}

@Override
public void destroy() { }

@Override
public void init(FilterConfig filterConfig) throws ServletException { }   
}

CORS configuration in web.xml :

<filter>
    <filter-name>AtmosphereCORS</filter-name>
    <filter-class>com.notification.filter.CorsFilter</filter-class>
    </filter>
<filter-mapping>
    <!-- Atmosphere CORS Filter mapping -->
    <filter-name>AtmosphereCORS</filter-name>
    <servlet-name>EserveAtmosphereServlet</servlet-name>
</filter-mapping>

And in my JS client :

 this.request = $.atmosphere.AtmosphereRequest();
 this.request.enableXDR = true;
 this.request.enableProtocol = true;
 this.request.readResponsesHeaders = false;

After facing this issue, I went into the debug mode in CORSFilter code.
There, the below code snippet gives the problem.

   if(req.getHeader("Origin") != null){
 res.addHeader("Access-Control-Allow-Origin", "*");
     res.addHeader("Access-Control-Expose-Headers", "X-Cache-Date, X-Atmosphere-tracking-id");
   }

In the response header, it already contains as {"Access-Control-Allow-Origin" : "www.sample.com"}. And the above code snippet is adding "" to the header "Access-Control-Allow-Origin" and now the header contains multiple values as follows {"Access-Control-Allow-Origin" : " , www.sample.com"}.

So, I removed those code snippet and it is working fine.

Working CORS filter :

 public class CorsFilter implements Filter{
private final Logger logger = LoggerFactory.getLogger(CorsFilter.class);

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
        throws IOException, ServletException {      
    HttpServletRequest req = (HttpServletRequest)request;                                   
    HttpServletResponse res = (HttpServletResponse)response;  

    if("OPTIONS".equals(req.getMethod())){
        res.addHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST");
        res.addHeader("Access-Control-Allow-Headers",
                "Origin, Content-Type, X-Atmosphere-Framework, X-Cache-Date, X-Atmosphere-tracking-id, X-Atmosphere-Transport");
        res.addHeader("Access-Control-Max-Age", "-1");
    }                                              
    chain.doFilter(req, res);
}

@Override
public void destroy() { }

@Override
public void init(FilterConfig filterConfig) throws ServletException { }   
}
@slovdahl
Copy link
Contributor

slovdahl commented Apr 4, 2014

There's a CorsInterceptor that's enabled by default, maybe that's the reason. Try setting this for your Atmosphere servlet:

<init-param>
    <param-name>org.atmosphere.cpr.dropAccessControlAllowOriginHeader</param-name>
    <param-value>true</param-value>
</init-param>

After that, restore your own CorsFilter to its original state and try again.

@slovdahl
Copy link
Contributor

slovdahl commented Apr 4, 2014

Okay, after a closer look at the CorsInterceptor code there seems to be a bug in it. The documentation says that "true" means that the interceptor should NOT set the headers. But it actually looks like the code does the opposite. @jfarcand ?

@slovdahl
Copy link
Contributor

slovdahl commented Apr 4, 2014

Heh, maybe I jumped to conclusions too fast, I just read your mailing list thread.

@jfarcand
Copy link
Member

jfarcand commented Apr 7, 2014

Seems this issue is fixed already. Not sure what version was used.

@jfarcand jfarcand closed this as completed Apr 7, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jfarcand @slovdahl @krishlakshmanan