@Override protected int beforeHandle(Request request, Response response) { if (Method.OPTIONS.equals(request.getMethod())) { Series<Header> requestHeaders = (Series<Header>) request.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS); String origin = requestHeaders.getFirstValue("Origin", false, "*"); String rh = requestHeaders.getFirstValue("Access-Control-Request-Headers", false, "*"); Series<Header> responseHeaders = (Series<Header>) response.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS); if (responseHeaders == null) { responseHeaders = new Series<Header>(Header.class); } responseHeaders.add("Access-Control-Allow-Origin", origin); responseHeaders.set("Access-Control-Expose-Headers", "Authorization, Link"); responseHeaders.add("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS"); responseHeaders.add("Access-Control-Allow-Headers", rh); responseHeaders.add("Access-Control-Allow-Credentials", "true"); responseHeaders.add("Access-Control-Max-Age", "60"); response.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS, responseHeaders); response.setEntity(new EmptyRepresentation()); return SKIP; } return super.beforeHandle(request, response); }