diff --git a/hapi-fhir-base/src/site/xdoc/doc_cors.xml b/hapi-fhir-base/src/site/xdoc/doc_cors.xml
index 126065c3ab0..37e7ebc31c9 100644
--- a/hapi-fhir-base/src/site/xdoc/doc_cors.xml
+++ b/hapi-fhir-base/src/site/xdoc/doc_cors.xml
@@ -76,7 +76,7 @@
A comma separated list non-standard response headers that will be exposed to XHR2 object.
cors.exposed.headers
-
+ Location,Content-Location
A flag that suggests if CORS is supported with cookies
diff --git a/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java b/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java
index c146dd277ee..3726ce2c2fb 100644
--- a/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java
+++ b/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java
@@ -12,6 +12,8 @@ import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpOptions;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
@@ -26,6 +28,7 @@ import org.junit.Test;
import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.model.api.Bundle;
+import ca.uhn.fhir.model.dstu.resource.Patient;
import ca.uhn.fhir.rest.server.ResfulServerSelfReferenceTest.DummyPatientResourceProvider;
import ca.uhn.fhir.testutil.RandomServerPortProvider;
@@ -54,6 +57,7 @@ public class CorsTest {
fh.setInitParameter("cors.logging.enabled", "true");
fh.setInitParameter("cors.allowed.origins", "*");
fh.setInitParameter("cors.allowed.headers", "x-fhir-starter,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers");
+ fh.setInitParameter("cors.exposed.headers", "Location,Content-Location");
fh.setInitParameter("cors.allowed.methods", "GET,POST,PUT,DELETE,OPTIONS");
ServletContextHandler ch = new ServletContextHandler();
@@ -100,6 +104,20 @@ public class CorsTest {
assertEquals(1, bundle.getEntries().size());
}
+ {
+ HttpPost httpOpt = new HttpPost(baseUri + "/Patient");
+ httpOpt.addHeader("Access-Control-Request-Method", "POST");
+ httpOpt.addHeader("Origin", "http://www.fhir-starter.com");
+ httpOpt.addHeader("Access-Control-Request-Headers", "accept, x-fhir-starter, content-type");
+ httpOpt.setEntity(new StringEntity(ourCtx.newXmlParser().encodeResourceToString(new Patient())));
+ HttpResponse status = ourClient.execute(httpOpt);
+ String responseContent = IOUtils.toString(status.getEntity().getContent());
+ IOUtils.closeQuietly(status.getEntity().getContent());
+ ourLog.info("Response: {}", status);
+ ourLog.info("Response was:\n{}", responseContent);
+ assertEquals("POST", status.getFirstHeader(Constants.HEADER_CORS_ALLOW_METHODS).getValue());
+ assertEquals("http://www.fhir-starter.com", status.getFirstHeader(Constants.HEADER_CORS_ALLOW_ORIGIN).getValue());
+ }
} finally {
server.stop();
}
diff --git a/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/ResfulServerSelfReferenceTest.java b/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/ResfulServerSelfReferenceTest.java
index 737d22f82c1..1c790230741 100644
--- a/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/ResfulServerSelfReferenceTest.java
+++ b/hapi-fhir-base/src/test/java/ca/uhn/fhir/rest/server/ResfulServerSelfReferenceTest.java
@@ -28,10 +28,13 @@ import ca.uhn.fhir.model.dstu.resource.Patient;
import ca.uhn.fhir.model.dstu.valueset.IdentifierUseEnum;
import ca.uhn.fhir.model.primitive.IdDt;
import ca.uhn.fhir.model.primitive.UriDt;
+import ca.uhn.fhir.rest.annotation.Create;
import ca.uhn.fhir.rest.annotation.IdParam;
import ca.uhn.fhir.rest.annotation.Read;
import ca.uhn.fhir.rest.annotation.RequiredParam;
+import ca.uhn.fhir.rest.annotation.ResourceParam;
import ca.uhn.fhir.rest.annotation.Search;
+import ca.uhn.fhir.rest.api.MethodOutcome;
import ca.uhn.fhir.rest.server.provider.ServerProfileProvider;
import ca.uhn.fhir.testutil.RandomServerPortProvider;
@@ -174,6 +177,11 @@ public class ResfulServerSelfReferenceTest {
return idToPatient;
}
+ @Create
+ public MethodOutcome create(@ResourceParam Patient thePatient) {
+ return new MethodOutcome(thePatient.getId());
+ }
+
@Search()
public Patient getPatient(@RequiredParam(name = Patient.SP_IDENTIFIER) IdentifierDt theIdentifier) {
for (Patient next : getIdToPatient().values()) {
diff --git a/hapi-fhir-jpaserver-uhnfhirtest/src/main/webapp/WEB-INF/web.xml b/hapi-fhir-jpaserver-uhnfhirtest/src/main/webapp/WEB-INF/web.xml
index 5807ae892cb..10c4f4889fa 100644
--- a/hapi-fhir-jpaserver-uhnfhirtest/src/main/webapp/WEB-INF/web.xml
+++ b/hapi-fhir-jpaserver-uhnfhirtest/src/main/webapp/WEB-INF/web.xml
@@ -76,7 +76,7 @@
A comma separated list non-standard response headers that will be exposed to XHR2 object.
cors.exposed.headers
-
+ Location,Content-Location
A flag that suggests if CORS is supported with cookies
diff --git a/restful-server-example/src/main/webapp/WEB-INF/web.xml b/restful-server-example/src/main/webapp/WEB-INF/web.xml
index 3f0b32336e7..88020ad1d40 100644
--- a/restful-server-example/src/main/webapp/WEB-INF/web.xml
+++ b/restful-server-example/src/main/webapp/WEB-INF/web.xml
@@ -51,7 +51,7 @@
A comma separated list non-standard response headers that will be exposed to XHR2 object.
cors.exposed.headers
-
+ Location,Content-Location
A flag that suggests if CORS is supported with cookies