Access-Control-Allow-Origin in tomcat

Question

I want to set a default http header in my tomcat container -      Access-Control-Allow-Origin      From various different links on stackoverslow and from google  most have pointed to a resource  This again says same on how to do it  I have replicated the same  but still the header is not shown  This is what I have done  1  Copied cors jar file in  lib folder of tomcat 2  Inserted this text in web xml   lt filter gt       lt filter-name gt CORS lt  filter-name gt       lt filter-class gt com thetransactioncompany cors CORSFilter lt  filter-class gt       lt init-param gt        lt param-name gt cors allowOrigin lt  param-name gt           lt param-value gt   lt  param-value gt       lt  init-param gt       lt init-param gt        lt param-name gt cors supportedMethods lt  param-name gt           lt param-value gt GET  POST  HEAD  PUT  DELETE lt  param-value gt       lt  init-param gt       lt init-param gt        lt param-name gt cors supportedHeaders lt  param-name gt           lt param-value gt Content-Type  Last-Modified lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors exposedHeaders lt  param-name gt           lt param-value gt Set-Cookie lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportsCredentials lt  param-name gt           lt param-value gt true lt  param-value gt       lt  init-param gt   lt  filter gt    lt filter-mapping gt       lt filter-name gt CORS lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt    It doesn t work and I am helpless  My tomcat version is -6 0 6  Please help

User · Answer

I was setting up cors support credentials to true along with cors allowed origins as    which won t work  When cors allowed origins is     then cors support credentials should be false  default value or shouldn t be set explicitly   https   tomcat apache org tomcat-7 0-doc config filter html

User · Answer

I had to restart the browser after changing the ip address  laptop wireless DHCP  which was my  cross-host  I was referring to in my web app  which resolved the issue   Also make sure all the cors headers being added by your browser host are accepted allowed by including then in the cors allowed headers

User · Answer

The issue arose because of not including jar file as part of the project  I was just including it in tomcat lib  Using the below in web xml works now    lt filter gt       lt filter-name gt springSecurityFilterChain lt  filter-name gt       lt filter-class gt          org springframework web filter DelegatingFilterProxy      lt  filter-class gt   lt  filter gt     lt filter-mapping gt       lt filter-name gt springSecurityFilterChain lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt    lt filter gt       lt filter-name gt CORS lt  filter-name gt       lt filter-class gt com thetransactioncompany cors CORSFilter lt  filter-class gt        lt init-param gt           lt param-name gt cors allowOrigin lt  param-name gt           lt param-value gt   lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportsCredentials lt  param-name gt           lt param-value gt false lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportedHeaders lt  param-name gt           lt param-value gt accept  authorization  origin lt  param-value gt       lt  init-param gt       lt init-param gt           lt param-name gt cors supportedMethods lt  param-name gt           lt param-value gt GET  POST  HEAD  OPTIONS lt  param-value gt       lt  init-param gt   lt  filter gt     lt filter-mapping gt       lt filter-name gt CORS lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt    And the below in your project dependency    lt dependency gt       lt groupId gt com thetransactioncompany lt  groupId gt       lt artifactId gt cors-filter lt  artifactId gt       lt version gt 1 3 2 lt  version gt   lt  dependency gt

User · Answer

Please check your web xml again  You might be making some silly mistake  As my application is working fine with the same init-param configuration     Please copy paste the web xml  if the problem still persists

User · Answer

At the time of writing this  the current version of Tomcat 7  7 0 41  has a built-in CORS filter http   tomcat apache org tomcat-7 0-doc config filter html CORS Filter

User · Answer

Try this   1 write a custom filter      package com dtd util       import javax servlet        import javax servlet http HttpServletResponse      import java io IOException       public class CORSFilter implements Filter             Override         public void init FilterConfig filterConfig  throws ServletException                        Override         public void doFilter ServletRequest servletRequest  ServletResponse servletResponse  FilterChain filterChain  throws IOException  ServletException               HttpServletResponse httpResponse    HttpServletResponse  servletResponse              httpResponse addHeader  Access-Control-Allow-Origin                     filterChain doFilter servletRequest  servletResponse                       Override         public void destroy                        2 add to web xml   lt filter gt       lt filter-name gt CorsFilter lt  filter-name gt       lt filter-class gt com dtd util CORSFilter lt  filter-class gt   lt  filter gt    lt filter-mapping gt       lt filter-name gt CorsFilter lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt    lt  filter-mapping gt

User · Answer

Change this    lt init-param gt       lt param-name gt cors supportedHeaders lt  param-name gt       lt param-value gt Content-Type  Last-Modified lt  param-value gt   lt  init-param gt    To this   lt init-param gt       lt param-name gt cors supportedHeaders lt  param-name gt       lt param-value gt Accept  Origin  X-Requested-With  Content-Type  Last-Modified lt  param-value gt   lt  init-param gt    I had to do this to get anything to work

[tomcat] Access-Control-Allow-Origin: * in tomcat

Examples related to tomcat

Examples related to http-headers