I am calling a cross doamin REST web-service(Spring) using angular $http. Please find code below.
$http({
url: ' http://xxx.yyy.zzz:8080/..../sponsors',
method: 'GET',
headers: { 'Token' : 'abc' }
}).success(function(sponsors){
$scope.sponsorList = sponsors;
}).error(function(sponsors){
alert('failed to get sponsors')
});
I am getting the below error
"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Restful webservices are deployed on Tomcat-8.
I have added a CORS filter in tomcat/conf/web.xml as below.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Even though i am getting the same error .
Can anybody please help me how to fix this? Did i miss any headers at client side? Anything else needs to be done at server side?
Thanks in advance
This would help you based on this link
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I found the root cause.
I have created simple hello world REST service without authentication on the same server and called the service.
I got the response without any issues.
I am getting the below error with existing production application which has authentication
No 'Access-Control-Allow-Origin' header is present on the requested resource.The response had HTTP status code 401
So i concluded that authentication is needed for PREFLIGHT request also.
Can anybody tell me how to send authentication headers in PREFLIGHT request? Do we have control on PREFLIGHT Requests?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With