Browser not showing valid response for cross-origin request
I made a cross origin request. Browser shows correct message on the console but also shows reponse in the network tab (which should not have been shown).
Message on the console: enter image description here
Message shown under response of network tab:
enter image description here
Basically, I have a method called getToken that provide token to client applications. Before providing token CORS Filter is setup and the user is validated.
If user is validated successfully, then Access-Control-Allow-Origin header is added.
User user = userDao.findByUsername(username);
if (!ObjectUtils.isEmpty(user)) {
System.out.println("user.getDomainName()=="+user.getDomainName());
if (origin.equalsIgnoreCase(user.getDomainName())) {
logger.info("Access granted");
responseToUse.addHeader("Access-Control-Allow-Origin", origin);
responseToUse.addHeader("Access-Control-Allow-Methods", "GET");
responseToUse.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(requestToUse, responseToUse);
}
}
Now, I tried to send a request to a URL thinking that browser will not provide response for that url but the browser is sending a valid response as shown in above picture.
Why is the browser not sending a valid response for cross-origin request? In this case the response should have been empty or invalid json
Now, I tried to send a request to a URL thinking that browser will not provide response for that url but the browser is sending a valid response as shown in above picture.
The browser isn't sending anything, the server is. The Same Origin Policy doesn't prevent the server from sending a response, it controls whether or not a script can read it. If your cross origin script tries to read that response it won't be able to.
CORS isn't a substitute for standard authentication controls. It's meant to protect the user from malicious sites, not to protect your server from the user (who, as you see, is free to read the response).
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices