GWT-No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

We are trying to Implement CORS filter on tomcat to allow cross domain request. We have two GWT projects both on two different tomcat (different machines). After reading the CORS filter DocumentCORS , I just added the CORS filter in the web.xml file of the tomcat.

 `
  CorsFilter
  org.apache.catalina.filters.CorsFilter
  
    cors.allowed.origins
    *
  
  
    cors.allowed.methods
    GET,POST,HEAD,OPTIONS,PUT
  
  
    cors.allowed.headers
    Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
  
  
    cors.exposed.headers
    Access-Control-Allow-Origin,Access-Control-Allow-Credentials
  
  
    cors.support.credentials
    true
  
  
    cors.preflight.maxage
    10
  


  CorsFilter
  /*
`

But its not working. I got another stack question related to it but a little bit confusion how to implement filters in GWT ?

StackQues

WHAT IS THE ACTUAL PROCEDURE TO IMPLEMENT CORS FILTER WITH GWT?

Tobika · Accepted Answer

Extend Filter and add the class on your server side like in this:
NOTE: this is just a simple example to get you going. inform yourself about the security risks if you dont configure it the right way...
check the last part of this article

public class CORSFilter implements Filter {
    // For security reasons set this regex to an appropriate value
    // example: ".*example\.com"
    private static final String ALLOWED_DOMAINS_REGEXP = ".*";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        String origin = req.getHeader("Origin");
        if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) {
            resp.addHeader("Access-Control-Allow-Origin", origin);
            if ("options".equalsIgnoreCase(req.getMethod())) {
                resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
                if (origin != null) {
                    String headers = req.getHeader("Access-Control-Request-Headers");
                    String method = req.getHeader("Access-Control-Request-Method");
                    resp.addHeader("Access-Control-Allow-Methods", method);
                    resp.addHeader("Access-Control-Allow-Headers", headers);
                    // optional, only needed if you want to allow cookies.
                    resp.addHeader("Access-Control-Allow-Credentials", "true");
                    resp.setContentType("text/x-gwt-rpc");
                }
                resp.getWriter().flush();
                return;
            }
        }

        // Fix ios6 caching post requests
        if ("post".equalsIgnoreCase(req.getMethod())) {
            resp.addHeader("Cache-Control", "no-cache");
        }

        if (filterChain != null) {
            filterChain.doFilter(req, resp);
        }
    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}

Dont forget to add the Filter in your web.xml(inside your WAR file, not the tomcat web.xml) file.


    corsFilter
    .CORSFilter


    corsFilter
    /*

GWT-No 'Access-Control-Allow-Origin' header is present on the requested resource

Answers (1)

Related Questions

GWT-No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource

Answers (1)

Related Questions

GWT-No 'Access-Control-Allow-Origin' header is present on the requested resource