Confused about how to handle CORS OPTIONS preflight requests

by

I sat down and debugged through the org.apache.catalina.filters.CorsFilter to figure out why the request was being forbidden. Hopefully this can help someone out in the future.

According to the W3 CORS Spec Section 6.2 Preflight Requests, the preflight must reject the request if any header submitted does not match the allowed headers.

The default configuration for the CorsFilter cors.allowed.headers (as is yours) does not include the Authorization header that is submitted with the request.

I updated the cors.allowed.headers filter setting to accept the authorization header and the preflight request is now successful.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
    </init-param>     
</filter>

Of course, I’m not sure why the authorization header is not by default allowed by the CORS filter.

More Related Contents:

  1. AngularJS performs an OPTIONS HTTP request for a cross-origin resource
  2. CORS with spring-boot and angularjs not working
  3. How to skip the OPTIONS preflight request?
  4. AngularJS $http, CORS and http authentication
  5. No ‘Access-Control-Allow-Origin’ header is present on the requested resource- AngularJS
  6. ionic app cannot connect cors enabled server with $http
  7. WebAPI CORS with Windows Authentication – allow Anonymous OPTIONS request
  8. upload file from angularjs directly to amazon s3 using signed url
  9. how to convert the float 9.88 number to integer 9 in angularjs?
  10. How can I dynamically add a directive in AngularJS?
  11. Combating AngularJS executing controller twice
  12. AngularJS – Does $destroy remove event listeners?
  13. Difficulty with ng-model, ng-repeat, and inputs
  14. How to access cookies in AngularJS?
  15. Sending event when AngularJS finished loading
  16. AngularJS vs Angular [closed]
  17. AngularJS – pass function to directive
  18. AngularJS – How to structure a custom filter with ng-repeat to return items conditionally
  19. Angularjs: input[text] ngChange fires while the value is changing
  20. Angular.js: How does $eval work and why is it different from vanilla eval?
  21. Chrome CORS error on request to localhost dev server from remote site
  22. AngularAMD + ui-router + dynamic controller name?
  23. how to inject dependency into module.config(configFn) in angular
  24. AngularJS : $q -> deferred API order of things (lifecycle) AND who invokes digest?
  25. Sharing data between directives
  26. Angular JS resizable div directive
  27. AngularJS CORS Issues
  28. Chrome not showing OPTIONS requests in Network tab
  29. “Uncaught Error: [$injector:unpr]” with angular after deployment
  30. creating a new directive with angularjs

Leave a Comment