6

I am getting a request from a JSP (from iPad) to a Servlet (my system). When I send the response to the JSP the browser and iPad app seem to discard the data coming from the proxy due to the missing header.
I set the header as 

           response.setHeader("Access-Control-Allow-Origin","*");

Access-Control-Allow-Origin is the header name coming from the iPad.
I have seen in the following link http://en.wikipedia.org/wiki/List_of_HTTP_header_fields that there is no Access-Control-Allow-Origin header type in Servlet.
Since the testing is going in different places, can you tell me the setheader I add is write one.

S.L. Barth is on codidact.com
  • 8,198
  • 71
  • 51
  • 66
bharathi
  • 6,019
  • 23
  • 90
  • 152

1 Answers1

5

You do misinterpret the WikiPedia entry. In a servlet you are allowed to set whatever response header you want. The only constraint is that clients must be able to understand the header. Wikipedia does list the official HTTP headers available as per RFC 2616 and 4229 (see link you provided). Proprietary, custom headers are legal and often used.

In general you only have to set the Access-Control-Allow-Origin header when it comes to cross-domain script requests, e.g. the JSP retrieved from domain1.com does perform a client side request (JavaScript, AJAX) to a servlet hosted on domain2.com. Depending on your use case you have to decide whether you require the header or not. The official spec is available here. You should carefully read it... believe me!

home
  • 12,468
  • 5
  • 46
  • 54