Menu
I want to enable tomcat CORS filter, i added this to web.xml:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> But it doesn't work. I tried with a custom filter:
<filter> <filter-name>SimpleCORSFilter</filter-name> <filter-class>com.common.SimpleCORSFilter</filter-class> </filter> <filter-mapping> <filter-name>SimpleCORSFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> With this Class:
public class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); chain.doFilter(req, res); } } And this well works, can you tell me why? I don't know if it is important but I'm usign Spring Framework.
650
CORS Filter Introduction. This filter is an implementation of W3C's CORS (Cross-Origin Resource Sharing) specification, which is a mechanism that enables cross-origin requests. The filter works by adding required Access-Control-* headers to HttpServletResponse object.
Tomcat Web Server Config To enable CORS support we have to use CORS Filter. If you want to enable CORS for all webapps, add the filter into $CATALINA_BASE/conf/web. xml. If you want to enable them only for the MOTECH application, add the filter into $CATALINA_BASE/webapps/motech-platform-server/WEB-INF/web.
xml config is based on built-in Tomcat filters which does not support CSP header yet. Therefore, you need to create custom servlet-filter, which can then be used in the web. xml file. You can found some nitty-gritty about custom filter creation in the grails-x-frame-options-plugin, based on XFO header.
XML. The web. xml file is derived from the Servlet specification, and contains information used to deploy and configure the components of your web applications. When configuring Tomcat for the first time, this is where you can define servlet mappings for central components such as JSP.
The filter org.apache.catalina.filters.CorsFilter seek first a header in the request: Origin. If this header does not exist, the filter does not add any header in the response. Perhaps for that reason does not work.
Additionally, in a POST request, look for the header Content-Type. Something similar happens to other methods. May you want to see the code of this filter. In another way, there is a flowchart:
180
I get a similar problem and I found something that worked for me on tomcat doc tomcat-doc-CORSFilter I use filter and init-param as below:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Hope it helps!
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
