Reputation: 695
I'm trying to configure GWT application to work with a different backend server (running Tomcat 7.0.26).
I followed the instructions from this website and configured CORS filter: http://software.dzhuvinov.com/cors-filter-installation.html
I used the sample GWT code (Greetings App), with these modifications:
In GWT App I added this line, before the RPC call:
((ServiceDefTarget) greetingService).setServiceEntryPoint("http://remoteserver/testcors/greet");
I have modified web.xml and added CORS filter:
<filter>
<!-- The CORS filter with parameters -->
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<!-- Note: All parameters are options, if ommitted CORS Filter will fall
back to the respective default values. -->
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>Content-Type, X-Requested-With</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>X-Test-1, X-Test-2</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
<filter-mapping>
<!-- CORS Filter mapping -->
<filter-name>CORS</filter-name>
<url-pattern>/testcors/greet</url-pattern>
</filter-mapping>
If I access TestCORS app from "remoteserver", everything works fine and I can see these headers added:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://remoteserver
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Test-2, X-Test-1
Content-Encoding: gzip
Content-Disposition: attachment
Content-Type: application/json;charset=utf-8
Content-Length: 214
Date: Sun, 24 Feb 2013 15:12:42 GMT
But if I access the same TestCORS GWT app running on my local machine (127.0.0.1:8888), I get this error:
Request headers:
OPTIONS /testcors/greet HTTP/1.1
Host: remoteserver
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://127.0.0.1:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Access-Control-Request-Headers: x-gwt-module-base, x-gwt-permutation, origin, content-type
Accept: */*
Referer: http://127.0.0.1:8888/TestCORS.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response headers:
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 96
Date: Sun, 24 Feb 2013 15:14:38 GMT
I tried this different browsers (Chrome Version 24.0.1312.57, Safari Version 6.0.2 (8536.26.17), Firefox 18.0.2, Opera Version 12.14) and I got the same error returned by the server - HTTP 403.
I saw few people having similar problems, but I wasn't able to find the solution:
Any help is very appreciated!
Upvotes: 0
Views: 2371
Reputation: 695
Thanks to Vladimir, I also got CORS filter from this website to work: http://software.dzhuvinov.com/cors-filter-installation.html
I added additional supported headers in the web.xml:
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>Content-Type, X-Requested-With, x-gwt-module-base, x-gwt-permutation, origin, content-type</param-value>
</init-param>
Upvotes: 0
Reputation: 9741
I've not used this cors-filter before, I prefer a simplest one like this.
Anyway, in your case it seems you have not configured correctly the headers gwt needs to work, your app is sending:
Access-Control-Request-Headers: x-gwt-module-base, x-gwt-permutation, origin, content-type
So, your configuration should have:
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>x-gwt-module-base, x-gwt-permutation, origin, content-type</param-value>
</init-param>
Upvotes: 1