Created
January 3, 2023 19:47
-
-
Save bytefade/769f80a8cb55a9ba4edd5fde9e9f7586 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!--filter> | |
| <filter-name>CorsFilter</filter-name> | |
| <filter-class>com.jaspersoft.jasperserver.api.security.csrf.CorsFilter</filter-class> | |
| </filter--> | |
| <filter> | |
| <filter-name>CorsFilter</filter-name> | |
| <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> | |
| <init-param> | |
| <param-name>cors.allowed.origins</param-name> | |
| <param-value>https://www.example.com, https://www.example.net</param-value> | |
| </init-param> | |
| <init-param> | |
| <param-name>cors.allowed.methods</param-name> | |
| <param-value>GET,POST,HEAD,PUT,OPTIONS,DELETE,PATCH</param-value> | |
| </init-param> | |
| <init-param> | |
| <param-name>cors.allowed.headers</param-name> | |
| <param-value>Cache-Control,X-Suppress-Basic,Origin,Accept,X-Requested-With,Content-Type,Pragma,accept-timezone,withCredentials,X-Remote-Domain,X-Is-Visualize,x-jrs-base-url,Content-Disposition,Content-Description</param-value> | |
| </init-param> | |
| <init-param> | |
| <param-name>cors.exposed.headers</param-name> | |
| <param-value></param-value> | |
| </init-param> | |
| <init-param> | |
| <param-name>cors.support.credentials</param-name> | |
| <param-value>true</param-value> | |
| </init-param> | |
| <init-param> | |
| <param-name>cors.preflight.maxage</param-name> | |
| <param-value>300</param-value> | |
| </init-param> | |
| <filter-mapping> | |
| <filter-name>CrossDomainFilter</filter-name> | |
| <url-pattern>/*</url-pattern> | |
| </filter-mapping> | |
| <filter-mapping> | |
| <filter-name>CorsFilter</filter-name> | |
| <url-pattern>/*</url-pattern> | |
| </filter-mapping> | |
| <filter-mapping> | |
| <filter-name>CorsFilter</filter-name> | |
| <url-pattern>*.woff</url-pattern> | |
| </filter-mapping> | |
| ---- | |
| # Using http for both JRS and Origin | |
| curl -i -X OPTIONS http://localhost:8080/jasperserver-pro/index.htm \ | |
| -H 'Access-Control-Request-Method: GET' \ | |
| -H 'Access-Control-Request-Headers: Content-Type, Accept' \ | |
| -H 'Origin: http://fiddle.jshell.net' | |
| curl -i -X GET http://localhost:8080/jasperserver-pro/index.htm \ | |
| -H 'Origin: http://fiddle.jshell.net' \ | |
| --head | |
| # CORS might *not* work on the j_spring_security_check endpoint if a (hot)fix for defect JS-61626 has not been applied | |
| curl -i -X POST http://localhost:8080/jasperserver-pro/j_spring_security_check \ | |
| -H 'Origin: http://fiddle.jshell.net' \ | |
| --head | |
| # Using httpS for both JRS and Origin | |
| curl -i -X OPTIONS https://localhost/jasperserver-pro/index.htm \ | |
| -H 'Access-Control-Request-Method: GET' \ | |
| -H 'Access-Control-Request-Headers: Content-Type, Accept' \ | |
| -H 'Origin: https://fiddle.jshell.net' | |
| curl -i -X GET https://localhost/jasperserver-pro/index.htm \ | |
| -H 'Origin: https://fiddle.jshell.net' \ | |
| | head -n 22 | |
| # CORS might *not* work on the j_spring_security_check endpoint if a (hot)fix for defect JS-61626 has not been applied | |
| curl -i -X POST http://localhost/jasperserver-pro/j_spring_security_check \ | |
| -H 'Origin: https://fiddle.jshell.net' \ | |
| --head | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment