No Access-Control-Allow-Origin header is present on the requested resource - Resteasy

Question

I am working on a webapplication comprises UI-Angular   Server-Java   RestEasy 3 0 9 Final for rest api calls  When i tried to access the rest service from another domain am getting below error  CANNOT LOAD Response to preflight request doesn t pass access control check  No  Access-Control-Allow-Origin  header is present on the requested resource  Origin  http   localhost 8080  is therefore not allowed access   I configured my server side to respond with the cross domain calls and this is working with the GET Call but POST Call is creating ERROR  web xml   lt context-param gt       lt param-name gt resteasy providers lt  param-name gt       lt param-value gt com test sample app CorsFeature lt  param-value gt   lt  context-param gt    lt listener gt       lt listener-class gt          org jboss resteasy plugins server servlet ResteasyBootstrap lt  listener-class gt   lt  listener gt     lt listener gt       lt listener-class gt org springframework web context ContextLoaderListener lt  listener-class gt   lt  listener gt    lt servlet gt       lt servlet-name gt resteasy-servlet lt  servlet-name gt       lt servlet-class gt          org jboss resteasy plugins server servlet HttpServletDispatcher lt  servlet-class gt       lt init-param gt           lt param-name gt javax ws rs Application lt  param-name gt           lt param-value gt com test sample app Application lt  param-value gt       lt  init-param gt   lt  servlet gt    lt servlet-mapping gt       lt servlet-name gt resteasy-servlet lt  servlet-name gt       lt url-pattern gt  rest   lt  url-pattern gt   lt  servlet-mapping gt    lt context-param gt       lt param-name gt resteasy servlet mapping prefix lt  param-name gt       lt param-value gt  rest lt  param-value gt   lt  context-param gt   lt context-param gt       lt param-name gt resteasy scan lt  param-name gt       lt param-value gt true lt  param-value gt   lt  context-param gt    Service class   GET  Path   getnameAtt    Produces MediaType APPLICATION JSON  public Response getHostnameAttributes     return Response  status 200   header  Access-Control-Allow-Origin         header  Access-Control-Allow-Headers            origin  content-type  accept  authorization    header  Access-Control-Allow-Credentials    true    header  Access-Control-Allow-Methods            GET  POST  PUT  DELETE  OPTIONS  HEAD    header  Access-Control-Max-Age    1209600    entity new TestImpl   getHostNameAttributes     build        POST  Path   getSeq    Produces MediaType APPLICATION JSON  public Response getCurrentSequence String request    return Response  status 200   header  Access-Control-Allow-Origin         header  Access-Control-Allow-Headers            origin  content-type  accept  authorization    header  Access-Control-Allow-Credentials    true    header  Access-Control-Allow-Methods            GET  POST  PUT  DELETE  OPTIONS  HEAD    header  Access-Control-Max-Age    1209600    entity new TestImpl   getCurrentSeq request    build        Since i am new to resteasy not able to figure out why this was not working  Any help would be greatly appreciated   Waiting for your response   Thanks

User · Accepted Answer

Your resource methods won t get hit  so their headers will never get set  The reason is that there is what s called a preflight request before the actual request  which is an OPTIONS request  So the error comes from the fact that the preflight request doesn t produce the necessary headers   For RESTeasy  you should use CorsFilter  You can see here for some example how to configure it  This filter will handle the preflight request  So you can remove all those headers you have in your resource methods    See Also    HTTP access control  CORS

User · Answer

After facing a similar issue  below is what I did    Created a class extending javax ws rs core Application and added a Cors Filter to it   To the CORS filter  I added corsFilter getAllowedOrigins   add  quot http   localhost 4200 quot     Basically  you should add the URL which you want to allow Cross-Origin Resource Sharing  Ans you can also use  quot   quot  instead of any specific URL to allow any URL  public class RestApplication     extends Application       private Set lt Object gt  singletons   new HashSet lt Object gt          public MessageApplication                 singletons add new CalculatorService       CalculatorService is your specific service you want to add use          CorsFilter corsFilter   new CorsFilter               To allow all origins for CORS add following  otherwise add only specific urls             corsFilter getAllowedOrigins   add  quot   quot            System out println  quot To only allow restrcited urls  quot            corsFilter getAllowedOrigins   add  quot http   localhost 4200 quot            singletons   new LinkedHashSet lt Object gt             singletons add corsFilter               Override     public Set lt Object gt  getSingletons                 return singletons            And here is my web xml    lt web-app id  quot WebApp ID quot  version  quot 2 4 quot      xmlns  quot http   java sun com xml ns j2ee quot      xmlns xsi  quot http   www w3 org 2001 XMLSchema-instance quot      xsi schemaLocation  quot http   java sun com xml ns j2ee      http   java sun com xml ns j2ee web-app 2 4 xsd quot  gt       lt display-name gt Restful Web Application lt  display-name gt        lt  -- Auto scan rest service -- gt       lt context-param gt           lt param-name gt resteasy scan lt  param-name gt           lt param-value gt true lt  param-value gt       lt  context-param gt        lt context-param gt           lt param-name gt resteasy servlet mapping prefix lt  param-name gt           lt param-value gt  rest lt  param-value gt       lt  context-param gt        lt listener gt           lt listener-class gt              org jboss resteasy plugins server servlet ResteasyBootstrap          lt  listener-class gt       lt  listener gt        lt servlet gt           lt servlet-name gt resteasy-servlet lt  servlet-name gt           lt servlet-class gt              org jboss resteasy plugins server servlet HttpServletDispatcher          lt  servlet-class gt           lt init-param gt               lt param-name gt javax ws rs Application lt  param-name gt               lt param-value gt com app RestApplication lt  param-value gt           lt  init-param gt       lt  servlet gt        lt servlet-mapping gt           lt servlet-name gt resteasy-servlet lt  servlet-name gt           lt url-pattern gt  rest   lt  url-pattern gt       lt  servlet-mapping gt    lt  web-app gt   The most important code which I was missing when I was getting this issue was  I was not adding my class extending javax ws rs Application i e RestApplication to the init-param of          lt servlet-name gt resteasy-servlet lt  servlet-name gt      lt init-param gt           lt param-name gt javax ws rs Application lt  param-name gt           lt param-value gt com app RestApplication lt  param-value gt       lt  init-param gt   And therefore my Filter was not able to execute and thus the application was not allowing CORS from the URL specified

User · Answer

Seems your resource POSTmethod won t get hit as  peeskillet mention  Most probably your  POST  request won t work  because it may not be a simple request  The only simple requests are GET  HEAD or POST and request headers are simple The only simple headers are Accept  Accept-Language  Content-Language  Content-Type  application x-www-form-urlencoded  multipart form-data  text plain    Since in you already  add Access-Control-Allow-Origin headers to your Response  you can add new OPTIONS method to your resource class        OPTIONS  Path   path         public Response options         return Response ok                  header  Access-Control-Allow-Origin                     header  Access-Control-Allow-Headers    origin  content-type  accept  authorization                header  Access-Control-Allow-Methods    GET  POST  PUT  DELETE  OPTIONS  HEAD                header  Access-Control-Max-Age    2000                build

[rest] No 'Access-Control-Allow-Origin' header is present on the requested resource - Resteasy

Examples related to rest

Examples related to cors

Examples related to resteasy