Reputation: 355
Enabling cors in dropwizard not working
I'm working on a dropwizard application and js ui to interacte with the api. I need to load json data to update views but I have to enable cors in dropwizard before that. I did some staff but it seems not working because dropwizard returns allways 204 no content.
@Override
public void run(final BGConfiguration configuration, final Environment environment) throws Exception {
final Map<String, String> params = new HashMap<>();
params.put("Access-Control-Allow-Origin", "/*");
params.put("Access-Control-Allow-Credentials", "true");
params.put("Access-Control-Expose-Headers", "true");
params.put("Access-Control-Allow-Headers", "Content-Type, X-Requested-With");
params.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
environment.servlets().addFilter("cors", CrossOriginFilter.class).setInitParameters(params);
}
Upvotes: 25
Views: 22667
Answers (4)
Reputation: 5
you can try doing this:
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", “<Headers>”);
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
Upvotes: 0
Reputation: 4720
For me even after configuring the above, it was not working. Ultimately it turned out that i have to also allow cache-control headers.
filter.setInitParameter("allowedHeaders",
"Cache-Control,If-Modified-Since,Pragma,Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin");
Upvotes: 3
Reputation: 941
Adding to Mike Clarke's answer:
Setting the CHAIN_PREFLIGHT_PARAM to false will let this filter handle preflight requests without your authentication filters intercepting what would be a 200 response and turning them into unauthorized / forbidden.
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import java.util.EnumSet;
public void run(Configuration conf, Environment environment) {
// Enable CORS headers
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
// DO NOT pass a preflight request to down-stream auth filters
// unauthenticated preflight requests should be permitted by spec
cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, Boolean.FALSE.toString());
}
I was surprised that I didn't find any examples on the interwebs that included this configuration. Spent a few days trying to figure this out.
Upvotes: 15
Reputation: 883
The bug here is that the filter hasn't been configured with a URL path via the addMappingForUrlPatterns method.
This worked for me using dropwizard 0.7.1:
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import java.util.EnumSet;
public void run(Configuration conf, Environment environment) {
// Enable CORS headers
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}
I'm assuming you're testing this live in a browser, but you can verify via CLI with a curl command like this:
$ curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
http://localhost:8080
You should see a bunch of Access-Control-* HTTP headers in the response.
Upvotes: 70
Related Questions
- hapi.js Cors Pre-flight not returning Access-Control-Allow-Origin header
- How to enable CORS on server-side code in java
- CORS enabled on Java Servlet yet receiving CORS error from frontend
- CORS is preventing me making API calls
- How to enable CORS on Dropwizard healthcheck api?
- Enable CORS Globally in Java
- Enable CORS on Tomcat 8.0.30
- Response for preflight has invalid HTTP status code 400
- How to enable CORS in jersey server on tomcat
- Using CORS header filter with dropwizard 0.7.0