Set CORS header in Tomcat

by

If it’s a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.

References:

Pretty much the only thing you have to do is edit the global web.xml in CATALINA_HOME/conf and add the filter definition:

     <!-- ================== Built In Filter Definitions ===================== -->

      ...

     <filter>
       <filter-name>CorsFilter</filter-name>
       <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
     </filter>
     <filter-mapping>
       <filter-name>CorsFilter</filter-name>
       <url-pattern>/*</url-pattern>
     </filter-mapping>

    <!-- ==================== Built In Filter Mappings ====================== -->

Be aware, though, that Firefox does not like Access-Control-Allow-Origin: * and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.

If you want to debugs requests in this situation, please be aware that CORS headers are only sent if there is a cross-origin request according to this flow-chart. CORS flow chart

(tomcat.apache.org/tomcat-8.0-doc/images/cors-flowchart.png)

More Related Contents:

  1. Simplest way to serve static data from outside the application server in a Java web application
  2. How to set the context path of a web application in Tomcat 7.0
  3. Servlet 5.0 JAR throws compile error on javax.servlet.* but Servlet 4.0 JAR does not
  4. Why must the JDBC driver be put in TOMCAT_HOME/lib folder?
  5. How to change the ROOT application?
  6. How to change the port of Tomcat from 8080 to 80?
  7. How to config Tomcat to serve images from an external folder outside webapps? [duplicate]
  8. Adding an external directory to Tomcat classpath
  9. How can I specify system properties in Tomcat configuration on startup?
  10. IntelliJ and Tomcat….changed files are not automatically recognized by Tomcat
  11. Tomcat 10.x throws java.lang.NoClassDefFoundError on javax.servlet.* [duplicate]
  12. Absolute path & Relative Path
  13. Is it possible change date in docker container?
  14. Get ServletContext in JAX-RS resource
  15. Tomcat Server/Client Self-Signed SSL Certificate
  16. Tomcat 8 Maven Plugin for Java 8
  17. Increase Tomcat memory settings [duplicate]
  18. Tomcat manager remote deploy script
  19. Custom java.util.logging Handler in tomcat
  20. 403 Access Denied on Tomcat 8 Manager App without prompting for user/password
  21. Is security-constraint configuration for Tomcat mandatory?
  22. How to pass tomcat port number on command line?
  23. Retrieve current Windows user in Java EE web application for Single Sign On purposes
  24. Error starting Tomcat from NetBeans – ‘127.0.0.1*’ is not recognized as an internal or external command
  25. Is there a way to enforce a deployment order in tomcat6?
  26. How do I load a java class (not a servlet) when the tomcat server starts [duplicate]
  27. JBoss vs Tomcat again [closed]
  28. How does Tomcat find the HOME PAGE of my Web App?
  29. SSL, Tomcat and Grails
  30. how to build server level custom error page in tomcat?

Leave a Comment