How to enable CORS in apache tomcat


I am trying to consume some web services which are cross domain. When I disable chrome's web-security it is working fine. I want it to work without this so I have tried adding cross-domain.xml and still it didnt work. When i searched more, came to know about CORS enabling in tomcat.


For Apache Apache can be configured to expose this header using mod_headers. This is enabled by default in Apache, however you may want to ensure it's enabled in your deployment by running the following command:

a2enmod headers

To expose the header, you can add the following line inside , , and sections, or within an .htaccess file.

<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"

Can anyone please let me know where to add these configurations in TOMCAT and in which files exactly. I am using tomcat from eclipse.

Appreciate any help.

This question is tagged with java eclipse apache tomcat cors

~ Asked on 2014-03-20 07:25:27

The Best Answer is


CORS support in Tomcat is provided via a filter. You need to add this filter to your web.xml file and configure it to match your requirements. Full details on the configuration options available can be found in the Tomcat Documentation.

~ Answered on 2014-03-20 09:04:15


Check this answer: Set CORS header in Tomcat

Note that you need Tomcat 7.0.41 or higher.

To know where the current instance of Tomcat is located try this:


You'll see the path in the console view.

Then look for /conf/web.xml on that folder, open it and add the lines of the above link.

~ Answered on 2014-03-28 09:58:28

Most Viewed Questions: