Quarkus, CORS and Missing HTTP Headers 📎
A JAX-RS endpoint:
import java.net.URI;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@Path("/hello")
public class HelloResource {
@POST
@Produces(MediaType.TEXT_PLAIN)
public Response post(String content) {
var uri = URI.create("/id" + System.currentTimeMillis());
return Response.created(uri).build();
}
}
with activated CORS in application.properties:
quarkus.http.cors=true
...and accessed with browser's fetch from a different domain / port:
const sendPost = async _ => {
const response = await fetch("http://localhost:8080/hello", {
method: 'POST',
body:'hello from js'
});
const headerContent = response.headers.get('Location');
console.log('Location header',headerContent);
}
sendPost();
won't reveal the headers: Location header null.
To access the headers from JavaScript, you will have to list them in Quarkus' configuration:
quarkus.http.cors.exposed-headers=Location
Since curl is not a browser, the following command: curl -i -XPOST -d'hello' localhost:8080/hello
always returns all headers:
HTTP/1.1 201 Created
Content-Length: 0
Location: http://localhost:8080/id1595909973814
Looks like a bug, but it is actually a feature.