Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Access Control Allow Origin in Servlet

Tags:

jsp

servlets

I am getting a request from a JSP (from iPad) to a Servlet (my system). When I send the response to the JSP the browser and iPad app seem to discard the data coming from the proxy due to the missing header.
I set the header as

           response.setHeader("Access-Control-Allow-Origin","*");

Access-Control-Allow-Origin is the header name coming from the iPad.
I have seen in the following link http://en.wikipedia.org/wiki/List_of_HTTP_header_fields that there is no Access-Control-Allow-Origin header type in Servlet.
Since the testing is going in different places, can you tell me the setheader I add is write one.

like image 663
bharathi Avatar asked Aug 17 '11 13:08

bharathi


1 Answers

You do misinterpret the WikiPedia entry. In a servlet you are allowed to set whatever response header you want. The only constraint is that clients must be able to understand the header. Wikipedia does list the official HTTP headers available as per RFC 2616 and 4229 (see link you provided). Proprietary, custom headers are legal and often used.

In general you only have to set the Access-Control-Allow-Origin header when it comes to cross-domain script requests, e.g. the JSP retrieved from domain1.com does perform a client side request (JavaScript, AJAX) to a servlet hosted on domain2.com. Depending on your use case you have to decide whether you require the header or not. The official spec is available here. You should carefully read it... believe me!

like image 185
home Avatar answered Nov 07 '22 12:11

home