Enabling CORS Reply Filter in Tomcat 8.0
I'm trying to call a web service on one server from another (cross origin) using a fairly simple jQuery.ajax
POST request .
return $.ajax({
type: "POST",
url: "http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456",
dataType:"json"
});
I always get the following answer error
...
XMLHttpRequest cannot load http://dev.hostname.com/ws/account/ example1@example.com ? Property_id = 1 & custnum = 123456 . There is no "Access-Control-Allow-Origin" header in the requested resource. The origin is
http://localhost:63342
therefore not allowed access.
A web service is a Java based web service hosted in Apache Tomcat/8.0.8
. I tried to send the request as JSONP, but that got me into problems when trying to handle callbacks from the promise object. However, this is a different post ... Alternatively, I decided to look into the CORS Response solution. Now I am VERY new to Java programming and I am not very comfortable with this, so please bear with me.
I have covered two main solutions for CORS implementation. One is to create a custom response filter. I couldn't get this to work, but then I found that as of Tomcat 7.0, the filter is presumably already provided. I have seen several posts on this second solution but with absolutely no luck. Using the guidelines given in the Apache Tomcat Documentation , I added the following FILTER information to the application web.xml file (I also tried adding it to the root web.xml and it didn't work there either).
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Since I am using Tomcat 8.0.8
. I would have expected this to work, but I keep getting the same error. Did I miss something?
Thank you for your help.
UPDATED
I am adding headers from Firebug when calling a service in Firefox. This is the request header ...
Accept application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control no-cache
Connection keep-alive
Content-Length 0
Host dev.hostname.com
Origin http://localhost:63342
Pragma no-cache
Referer http://localhost:63342/keurig/default.html
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
This is the response header
Content-Length 0
Content-Type text/plain
Date Thu, 21 Aug 2014 17:50:58 GMT
Server Apache-Coyote/1.1
I definitely don't see any of the "Access-Control- *" headers I would expect to see in the response.
source to share
The CORS configuration presented here worked for me, but only until I removed the "Allowed Headers" space after the comma in the last header.
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
As soon as I took out that space in front of Last-Modified, I was in business.
source to share