Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Tomcat CORS filter

Tags:

java

cors

web-applications

tomcat

I want to enable tomcat CORS filter, i added this to web.xml:

<filter>     <filter-name>CorsFilter</filter-name>     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping>     <filter-name>CorsFilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

But it doesn't work. I tried with a custom filter:

<filter>     <filter-name>SimpleCORSFilter</filter-name>     <filter-class>com.common.SimpleCORSFilter</filter-class> </filter> <filter-mapping>     <filter-name>SimpleCORSFilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

With this Class:

public class SimpleCORSFilter implements Filter {      public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {         HttpServletResponse response = (HttpServletResponse) res;         response.setHeader("Access-Control-Allow-Origin", "*");         response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");         response.setHeader("Access-Control-Max-Age", "3600");         response.setHeader("Access-Control-Allow-Headers", "x-requested-with");         chain.doFilter(req, res);     } }

And this well works, can you tell me why? I don't know if it is important but I'm usign Spring Framework.

like image 650
Tobia Avatar asked Jun 24 '14 12:06

Tobia

People also ask

What is Tomcat Cors filter?

CORS Filter Introduction. This filter is an implementation of W3C's CORS (Cross-Origin Resource Sharing) specification, which is a mechanism that enables cross-origin requests. The filter works by adding required Access-Control-* headers to HttpServletResponse object.

Where to add CORS filter in Tomcat?

Tomcat Web Server Config To enable CORS support we have to use CORS Filter. If you want to enable CORS for all webapps, add the filter into $CATALINA_BASE/conf/web. xml. If you want to enable them only for the MOTECH application, add the filter into $CATALINA_BASE/webapps/motech-platform-server/WEB-INF/web.

How do I set the Content Security Policy header in tomcat 9?

xml config is based on built-in Tomcat filters which does not support CSP header yet. Therefore, you need to create custom servlet-filter, which can then be used in the web. xml file. You can found some nitty-gritty about custom filter creation in the grails-x-frame-options-plugin, based on XFO header.

What is Tomcat Web xml?

XML. The web. xml file is derived from the Servlet specification, and contains information used to deploy and configure the components of your web applications. When configuring Tomcat for the first time, this is where you can define servlet mappings for central components such as JSP.

2 Answers

The filter org.apache.catalina.filters.CorsFilter seek first a header in the request: Origin. If this header does not exist, the filter does not add any header in the response. Perhaps for that reason does not work.

Additionally, in a POST request, look for the header Content-Type. Something similar happens to other methods. May you want to see the code of this filter. In another way, there is a flowchart:

CORS Flow Chart

like image 180
Paul Vargas Avatar answered Sep 28 '22 09:09

Paul Vargas

I get a similar problem and I found something that worked for me on tomcat doc tomcat-doc-CORSFilter I use filter and init-param as below:

<filter>   <filter-name>CorsFilter</filter-name>   <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>   <init-param>     <param-name>cors.allowed.origins</param-name>     <param-value>*</param-value>   </init-param>   <init-param>     <param-name>cors.allowed.methods</param-name>     <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>   </init-param>   <init-param>     <param-name>cors.allowed.headers</param-name>     <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>   </init-param>   <init-param>     <param-name>cors.exposed.headers</param-name>     <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>   </init-param>   <init-param>     <param-name>cors.support.credentials</param-name>     <param-value>true</param-value>   </init-param>   <init-param>     <param-name>cors.preflight.maxage</param-name>     <param-value>10</param-value>   </init-param> </filter> <filter-mapping>   <filter-name>CorsFilter</filter-name>   <url-pattern>/*</url-pattern> </filter-mapping>

Hope it helps!

like image 35
Krizka Avatar answered Sep 28 '22 10:09

Krizka
Sign in to Comment

Related questions

How to connect in java as SYS to Oracle?
Raw Servlet vs. Spring MVC [closed]
spring-boot without parent pom.xml cannot generate war packaging
Gradle-File warnings In IntelliJ IDEA 2019.1
What is the most used pattern in java.io?
Is there a library for reading maven2/3 pom xml files?
Java String Scanner input does not wait for info, moves directly to next statement. How to wait for info? [duplicate]
Regex to match only commas not in parentheses?
Spring async method called from another async method
Spring jUnit Testing properties file
WARNING: The (sub)resource method contains empty path annotation
JVM space exhausted when building a project through gradle
Iterators in C++ (stl) vs Java, is there a conceptual difference?
read file in classpath
What is object graph in java?
Android: Difference between getCount() and getChildCount() in ListView
Including local jar file in project at build time using gradle
What's the use of private constructor in Java?
How to check whether java is installed on the computer
Unable to find main class :bootRepackage

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!