CODEWITHSUNDEEP
angularjsspringresttomcat
Ashok Kumar
Ashok Kumar

Reputation: 145

No 'Access-Control-Allow-Origin' header is present on the requested resource.The response had HTTP status code 401

I am calling a cross doamin REST web-service(Spring) using angular $http. Please find code below.

$http({    
url: ' http://xxx.yyy.zzz:8080/..../sponsors',
method: 'GET',
   headers: {  'Token' : 'abc'  }
}).success(function(sponsors){
      $scope.sponsorList = sponsors;
}).error(function(sponsors){
       alert('failed to get sponsors')
});

I am getting the below error

"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

Restful webservices are deployed on Tomcat-8.

I have added a CORS filter in tomcat/conf/web.xml as below.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Even though i am getting the same error .

Can anybody please help me how to fix this? Did i miss any headers at client side? Anything else needs to be done at server side?

Thanks in advance

Upvotes: 5

Views: 2418

Answers (3)

Thierry Templier
Thierry Templier

Reputation: 202146

Perhaps this flow chart could help you to understand what happens: http://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png.

Could you give us the content of the OPTIONS request sent (both request and response content)? You can have access to this from the Network tabs of the Chrome dev tools...

Upvotes: 0

Ashok Kumar
Ashok Kumar

Reputation: 145

I found the root cause.

I have created simple hello world REST service without authentication on the same server and called the service.

I got the response without any issues.

I am getting the below error with existing production application which has authentication
No 'Access-Control-Allow-Origin' header is present on the requested resource.The response had HTTP status code 401

So i concluded that authentication is needed for PREFLIGHT request also.

Can anybody tell me how to send authentication headers in PREFLIGHT request? Do we have control on PREFLIGHT Requests?

Upvotes: 1

krish
krish

Reputation: 537

This would help you based on this link 

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Upvotes: 1

Related Questions