Dreamer
Reputation: 7551
Tomcat 8: CORS filter doesn't work
Here I have an application deployed in Tomcat 8 instance. I have followed Tomcat 8 document to add CORS filter in :
/apache-tomcat-8/conf/Catalina/web.xml
with basically the same configuration in the document
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and when I run following command:
curl -I "http://localhost:8181/MySuperApp/login/"
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store, must-revalidate
Set-Cookie: JSESSIONID=C51BD2982C0EBB7DA73D40E7AE856B93; Path=/MySuperApp/; HttpOnly
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 883
Date: Tue, 27 Sep 2016 20:20:11 GMT
So basically, CORS didn't take effect at all...what could be possible missing, or is there any places I should check that the parameters may be overridden?
Upvotes: 0
Views: 4118
Answers (1)
Ian Roberts
Reputation: 122364
The CORS filter will only send back the Access-Control-* headers if the request specified an Origin header. Without an Origin it's not a CORS request.
Upvotes: 1
Related Questions
- Tomcat CORS filter
- How to enable CORS tomcat 8.5 filter to access static files?
- CORS Filter Tomcat 7 Not Working
- Enabling a CORS Response Filter in Tomcat 8.0
- Enable CORS on Tomcat 8.0.30
- CORS on Tomcat 6
- CORS issue with Tomcat
- Apache Tomcat 7 CORS Filter IE8, IE9 always return 403 response
- CORS filter tomcat 7 No 'Access-Control-Allow-Origin' header is present on the requested resource
- tomcat 7 cors filter