Issue

• Some of our ESB services hosted on JBoss SOA are used by multiple web sites in various domains. The services are invoked by javascript running in browsers issuing AJAX calls using HTTP POST to the ESB. Due to the web page issuing the AJAX call being in a domain different from the domain of the SOA host, some browsers (Firefox and Chrome) will pre-flight the cross-site POST request with an HTTP OPTIONS call. Our ESB services use HTTP Gateway to expose HTTP service endpoints. When the browser issues the pre-flight HTTP OPTIONS call, it expects the web server to return certain ACCESS-CONTROL response headers (such as Access-Control-Allow-Origin). How can we setup JBoss to return a pre-defined response header for an HTTP OPTIONS call?