Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-18617

CORS conflict in Camel REST

XMLWordPrintable

    • False
    • False
    • % %
    • +
    • Automated
    • Hide

      Download and extract the project provided:

       - cors-issue.tar.gz

       

      run with:

          mvn clean compile quarkus:dev

      succesfull call (no CORS):

          curl -v -H "content-type: application/json" -d '{"id":"123"}' http://localhost:8080/camel/subscriber/details

      failing call using web client (with CORS):

          with web client:
            e.g.
              https://editor.swagger.io/

          Load spec
            File > Import URL
              http://localhost:8080/camel/openapi.json

          click [Try it out] > scroll down > click [Execute]

          Returns: "Failed to fetch."

      failing call using cURL (simulates CORS)

          curl -v -X OPTIONS 'http://localhost:8080/camel/subscriber/details'

          > returns '400 Bad Request'

      the following test seems to show the source problem of Camel REST DSL...

          edit file:
            > src/main/resources/routes/api-spec.xml

          remove code:
            consumes="application/json"

          call with:
            curl -v -X OPTIONS 'http://localhost:8080/camel/subscriber/details'

          > returns '204 No Content'

      Show
      Download and extract the project provided:  - cors-issue.tar.gz   run with:     mvn clean compile quarkus:dev succesfull call (no CORS):     curl -v -H "content-type: application/json" -d '{"id":"123"}' http://localhost:8080/camel/subscriber/details failing call using web client (with CORS):     with web client:       e.g.         https://editor.swagger.io/     Load spec       File > Import URL         http://localhost:8080/camel/openapi.json     click [Try it out] > scroll down > click [Execute]     Returns: "Failed to fetch." failing call using cURL (simulates CORS)     curl -v -X OPTIONS 'http://localhost:8080/camel/subscriber/details'     > returns '400 Bad Request' the following test seems to show the source problem of Camel REST DSL...     edit file:       > src/main/resources/routes/api-spec.xml     remove code:       consumes="application/json"     call with:       curl -v -X OPTIONS 'http://localhost:8080/camel/subscriber/details'     > returns '204 No Content'

      Client calls, with CORS resolution involved, fail when Camel REST DSL configures operations for JSON type payloads.

      Client calls from web clients for example, such as web REST API tools, are accepted by Camel. In this example, the browser needs to validate CORS to allow the client call to be performed.

      With CORS enabled in Camel, the client calls should succeed, but in this particular scenario they don't because Camel seems to block all calls that do not include the header: [Content-Type: application/json] 

        1. cors-issue.tar.gz
          12 kB

            zfeng@redhat.com Zheng Feng
            bmesegue@redhat.com Bruno Meseguer
            Tomas Turek Tomas Turek
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: