
Enabling cors in dropwizard not working

I'm working on a dropwizard application and a JS UI to interact with the API. I need to load JSON data to update views, but I have to enable CORS in dropwizard before that. I did some stuff, but it does not seem to be working because dropwizard always returns 204 No Content.

```java
@Override
public void run(final BGConfiguration configuration, final Environment environment) throws Exception {
    final Map<String, String> params = new HashMap<>();
    params.put("Access-Control-Allow-Origin", "/*");
    params.put("Access-Control-Allow-Credentials", "true");
    params.put("Access-Control-Expose-Headers", "true");
    params.put("Access-Control-Allow-Headers", "Content-Type, X-Requested-With");
    params.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
    environment.servlets().addFilter("cors", CrossOriginFilter.class).setInitParameters(params);
}
```
naslami asked Sep 10 '14 21:09



2 Answers

The bug here is that the filter hasn't been configured with a URL path via the addMappingForUrlPatterns method.

This worked for me using dropwizard 0.7.1:

```java
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import java.util.EnumSet;

public void run(Configuration conf, Environment environment) {
    // Enable CORS headers
    final FilterRegistration.Dynamic cors =
        environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}
```

I'm assuming you're testing this live in a browser, but you can verify via CLI with a curl command like this:

```
$ curl -H "Origin: http://example.com" \
       -H "Access-Control-Request-Method: POST" \
       -H "Access-Control-Request-Headers: X-Requested-With" \
       -X OPTIONS --verbose \
       http://localhost:8080
```

You should see a bunch of Access-Control-* HTTP headers in the response.

Mike Clarke answered Nov 07 '22 03:11


Adding to Mike Clarke's answer:

Setting the CHAIN_PREFLIGHT_PARAM to false will let this filter handle preflight requests without your authentication filters intercepting what would be a 200 response and turning them into unauthorized / forbidden.

```java
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import java.util.EnumSet;

public void run(Configuration conf, Environment environment) {
    // Enable CORS headers
    final FilterRegistration.Dynamic cors =
        environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");

    // DO NOT pass a preflight request to down-stream auth filters
    // unauthenticated preflight requests should be permitted by spec
    cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, Boolean.FALSE.toString());
}
```

I was surprised that I didn't find any examples on the interwebs that included this configuration. Spent a few days trying to figure this out.

Jimi answered Nov 07 '22 03:11
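
Added example (not part of either answer, and not Dropwizard or Jetty code): a small Python checker that interprets the preflight response from the curl test in Mike Clarke's answer and distinguishes the missing URL mapping from the auth-filter interception Jimi describes. It assumes the response text was captured with `curl -i`; the function names are illustrative and the sample responses are constructed.

```python
# Added example. Input is the text printed by `curl -i -X OPTIONS ...`.
SAFELISTED_METHODS = {"get", "head", "post"}  # never need listing in Allow-Methods

def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def tokens(value):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def check_preflight(raw, origin, method, request_headers=()):
    """Return the reasons a browser would reject this preflight ([] = accepted)."""
    status, h = parse_response(raw)
    problems = []
    if not 200 <= status < 300:
        problems.append(f"status {status}: something other than the CORS filter answered")
    acao = h.get("access-control-allow-origin")
    if acao is None:
        problems.append("no Access-Control-Allow-Origin: filter not mapped or origin refused")
        return problems
    if acao not in ("*", origin):
        problems.append(f"allowed origin {acao!r} does not match {origin!r}")
    if acao == "*" and h.get("access-control-allow-credentials", "").lower() == "true":
        problems.append("wildcard origin with credentials: rejected for credentialed requests")
    methods = tokens(h.get("access-control-allow-methods", ""))
    if method.lower() not in methods | SAFELISTED_METHODS and "*" not in methods:
        problems.append(f"method {method} not allowed")
    allowed = tokens(h.get("access-control-allow-headers", ""))
    missing = [x for x in request_headers if x.lower() not in allowed and "*" not in allowed]
    if missing:
        problems.append("headers not allowed: " + ", ".join(missing))
    return problems

# Constructed sample responses (not captured from a real server).
NO_MAPPING = "HTTP/1.1 204 No Content\r\n\r\n"
AUTH_BLOCKED = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"api\"\r\n\r\n"
WORKING = ("HTTP/1.1 200 OK\r\n"
           "Access-Control-Allow-Origin: http://example.com\r\n"
           "Access-Control-Allow-Methods: OPTIONS,GET,PUT,POST,DELETE,HEAD\r\n"
           "Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("no mapping", NO_MAPPING), ("auth", AUTH_BLOCKED), ("working", WORKING)]:
        print(name, check_preflight(raw, "http://example.com", "POST", ["X-Requested-With"]))
```

Running the check with an origin that should not be allowed shows whether the filter is reflecting arbitrary origins, which is worth knowing before relying on `allowedOrigins` set to `*`.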