tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Louis Monteiro <>
Subject Re: cors filter
Date Wed, 10 Apr 2019 08:09:49 GMT
Regarding Tomcat filter, not sure, I most of the time end up doing my own
filter too.
Maybe, forward the email to tomcat mailing list too.

Yes, if you use * it defeats the purpose of the CORS protection.

Jean-Louis Monteiro

On Wed, Apr 10, 2019 at 9:09 AM Matthew Broadhead
<> wrote:

> i cannot seem to get the CORS filter in Tomcat working
> i ended up creating a custom filter like the accepted answer in
> also, every tutorial seems to set to *. doesn't
> this defeat the whole purpose of CORS?  it should be set to list just
> the origins that are allowed to access the resource? otherwise your
> customers can get phished?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message