I want to implement a file upload for an GWT application running on google app engine. I used GWTUpload, but get the following error if I try to upload a file:
<stdout>: 2015-06-14 17:50:35 ERROR UploadServlet:70 - checkCORS error Origin: http://myApp.appspot.com does not match:^$
I looked into the UploadServlet and there is actually a check on the Origin againg "^$". I do not quite what this regex matches "^" seems to be the start of the String and "$" the end of it. But is seems to match only against an empty String?
private boolean checkCORS(HttpServletRequest request, HttpServletResponse response) {
String origin = request.getHeader("Origin");
if (origin != null && origin.matches(corsDomainsRegex)) {
// Maybe the user has used this domain before and has a session-cookie, we delete it
// Cookie c = new Cookie("JSESSIONID", "");
// c.setMaxAge(0);
// response.addCookie(c);
// All doXX methods should set these header
response.addHeader("Access-Control-Allow-Origin", origin);
response.addHeader("Access-Control-Allow-Credentials", "true");
return true;
} else if (origin != null) {
logger.error("checkCORS error Origin: " + origin + " does not match:" + corsDomainsRegex);
}
return false;
}
I can not set "corsDomainsRegex" or override the method checkCORS() since they are both are private. Whats the actual problem here? How can I solve this?
This is a hardwired check to prevent people uploading files via other domain names. If you don't need this, you can change the corsDomainsRegex by adding the following to your web.xml (or whatever domain you wish to check against).