Reputation: 3
tomcat 7 cors filter
Ubuntu 12.10
Tomcat 7.0.41
Chrome 27.0.1453.116
I would like to use Tomcat's new, native CORS filter to allow Access-Control-Allow-Origin: * . The configuration seems simple enough but when I use Chrome's "Developer tools" or Firefox' Firebug to check for Access-Control-Allow-Origin: *, it does not appear in the response header:
Request URL:http://XXX.XXX.XX.99:8984/SimpleServlet/simple-servlet
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
DNT:1
Host:198.100.45.99:8984
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Response Headersview source
Content-Length:103
Content-Type:text/html;charset=ISO-8859-1
Date:Mon, 24 Jun 2013 00:19:30 GMT
Server:Apache-Coyote/1.1
For testing, I've deployed a simple servlet and have configured the following in WEB-INF/web.xml.
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd"
version="3.0">
<servlet>
<servlet-name>SimpleServlet</servlet-name>
<servlet-class>com.javaranch.codebarn.servletjsp.SimpleServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SimpleServlet</servlet-name>
<url-pattern>/simple-servlet</url-pattern>
</servlet-mapping>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin</param-value>
</init-param>
<!--
<init-param>
<param-name>cors.logging.enabled</param-name>
<param-value>true</param-value>
</init-param>
-->
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
What am I missing? I've also tried Dzhuvinov's java classes/filter and have tried configuring the filter in WEB-INF/web.xml and $CATALINA_BASE/conf/web.xml. What could be blocking this configuration?
How can I troubleshoot this? It appears that in the original eBay cors-filter offering, there was a parameter to toggle logging, but this is not reflected in the Tomcat v7.0.41 documentation.
Upvotes: 0
Views: 11648
Answers (1)
Reputation: 11
The issue was not in the web.xml filter configuration; rather, it was in the way the results of the test were measured. Rather than using Chrome's Developer Tools, use test-cors.org (http://client.cors-api.appspot.com/client). See also https://groups.google.com/forum/#!topic/gs-discussion/kgdCFuJoTt4.
Upvotes: 1
Related Questions
- Tomcat CORS filter
- How to enable CORS tomcat 8.5 filter to access static files?
- Set custom filter on Tomcat 8 using web.xml
- CORS Filter Tomcat 7 Not Working
- Enabling a CORS Response Filter in Tomcat 8.0
- Tomcat 8: CORS filter doesn't work
- CORS on Tomcat 6
- Apache Tomcat 7 CORS Filter IE8, IE9 always return 403 response
- CORS filter tomcat 7 No 'Access-Control-Allow-Origin' header is present on the requested resource
- spring java based - adding of filter