CODEWITHSUNDEEP
javascriptapitomcat7cors
TechiRik
TechiRik

Reputation: 2143

CORS issue with Tomcat

We have a tomcat webserver (server1), which is hosting a couple of webpages containing JavaScripts to call backend APIs hosted on a different webserver (server2).

When I am navigating to the webpages on server1, it is throwing an error -

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at server2/api. (Reason: CORS request failed)."

When I make a call to the api on server2 directly from a POST client, I am able to get a response.

I understand that we have to enable CORS on the server. But which server should we enable the CORS on? Will it be the Tomcat server (server1) which is hosting the webpages, or the API server (server2) which is hosting the APIs?

Additionally we tried enabling CORS on Tomcat by adding the Filters as per http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter but that did not help.

Please advise.

Regards, Ritwik

Upvotes: 0

Views: 1714

Answers (1)

Marged
Marged

Reputation: 10973

CORS needs the recipient of a call to allow or disallow. In your scenario you need server2 to allow connections of server1.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Make sure that your whitelist contains the correct URL, for example https://server1:8081/, because all of protocol, host and port need to match !

http://enable-cors.org/server_tomcat.html

Upvotes: 1

Related Questions