Access-Control-Allow-Origin in tomcat

Question

I want to set a default http header in my tomcat container -

Access-Control-Allow-Origin: *

From various different links on stackoverslow and from google, most have pointed to a resource. This again says same on how to do it. I have replicated the same, but still the header is not shown. This is what I have done: 1) Copied cors.jar file in /lib folder of tomcat 2) Inserted this text in web.xml

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
    <init-param>
     <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
     <param-name>cors.supportedMethods</param-name>
        <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
    </init-param>
    <init-param>
     <param-name>cors.supportedHeaders</param-name>
        <param-value>Content-Type, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposedHeaders</param-name>
        <param-value>Set-Cookie</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportsCredentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

It doesn't work and I am helpless. My tomcat version is -6.0.6. Please help.

This question is related to tomcat http-headers

User · Answer

At the time of writing this  the current version of Tomcat 7  7 0 41  has a built-in CORS filter http   tomcat apache org tomcat-7 0-doc config filter html CORS Filter

User · Answer

Please check your web xml again  You might be making some silly mistake  As my application is working fine with the same init-param configuration     Please copy paste the web xml  if the problem still persists

User · Answer

The issue arose because of not including jar file as part of the project  I was just including it in tomcat lib  Using the below in web xml works now    lt filter gt       lt filter-name gt springSecurityFilterChain lt  filter-name gt       lt filter-class gt          org springframework web filter DelegatingFilterProxy      lt  filter-class gt   lt  filter gt     lt filter-mapping gt       lt filter-name gt springSecurityFilterChain lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt    lt filter gt       lt filter-name gt CORS lt  filter-name gt       lt filter-class gt com thetransactioncompany cors CORSFilter lt  filter-class gt        lt init-param gt           lt param-name gt cors allowOrigin lt  param-name gt           lt param-value gt   lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportsCredentials lt  param-name gt           lt param-value gt false lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportedHeaders lt  param-name gt           lt param-value gt accept  authorization  origin lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportedMethods lt  param-name gt           lt param-value gt GET  POST  HEAD  OPTIONS lt  param-value gt       lt  init-param gt   lt  filter gt     lt filter-mapping gt       lt filter-name gt CORS lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt    And the below in your project dependency    lt dependency gt       lt groupId gt com thetransactioncompany lt  groupId gt       lt artifactId gt cors-filter lt  artifactId gt       lt version gt 1 3 2 lt  version gt   lt  dependency gt

User · Answer

I had to restart the browser after changing the ip address (laptop wireless DHCP) which was my "cross-host" I was referring to in my web app, which resolved the issue.

Also make sure all the cors headers being added by your browser/host are accepted/allowed by including then in the cors.allowed.headers

User · Answer

Try this   1 write a custom filter      package com dtd util       import javax servlet        import javax servlet http HttpServletResponse      import java io IOException       public class CORSFilter implements Filter             Override         public void init FilterConfig filterConfig  throws ServletException                        Override         public void doFilter ServletRequest servletRequest  ServletResponse servletResponse  FilterChain filterChain  throws IOException  ServletException               HttpServletResponse httpResponse    HttpServletResponse  servletResponse              httpResponse addHeader  Access-Control-Allow-Origin                     filterChain doFilter servletRequest  servletResponse                       Override         public void destroy                        2 add to web xml   lt filter gt       lt filter-name gt CorsFilter lt  filter-name gt       lt filter-class gt com dtd util CORSFilter lt  filter-class gt   lt  filter gt    lt filter-mapping gt       lt filter-name gt CorsFilter lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt    lt  filter-mapping gt

User · Answer

Change this    lt init-param gt       lt param-name gt cors supportedHeaders lt  param-name gt       lt param-value gt Content-Type  Last-Modified lt  param-value gt   lt  init-param gt    To this   lt init-param gt       lt param-name gt cors supportedHeaders lt  param-name gt       lt param-value gt Accept  Origin  X-Requested-With  Content-Type  Last-Modified lt  param-value gt   lt  init-param gt    I had to do this to get anything to work

User · Answer

I was setting up cors support credentials to true along with cors allowed origins as    which won t work  When cors allowed origins is     then cors support credentials should be false  default value or shouldn t be set explicitly   https   tomcat apache org tomcat-7 0-doc config filter html

[tomcat] Access-Control-Allow-Origin: * in tomcat

The answer is

Examples related to tomcat

Examples related to http-headers

Tags