I am new to Cross-origin resource sharing and I want to enable it in a Tomcat 5.5 server. Anybody can give me some hint how can this be achieved?
I want to set the header universally for all requests, and to allow all origins (Access-Control-Allow-Origin: *
)
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that you want to create a bucket policy for. Choose Permissions. In the Cross-origin resource sharing (CORS) section, choose Edit.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
If it's a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.
Pretty much the only thing you have to do is edit the global web.xml
in CATALINA_HOME/conf
and add the filter definition:
<!-- ================== Built In Filter Definitions ===================== --> ... <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- ==================== Built In Filter Mappings ====================== -->
Be aware, though, that Firefox does not like Access-Control-Allow-Origin: *
and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With