RESTful webservice : how to set headers in java to accept XMLHttpRequest allowed by Access-Control-Allow-Origin

Question

I have a RESTful webservice which will return string and it was written in Java (JAX-WS). My problem is when I send request to that webservice with URL like :

http://localhost:8080/project/webservices/getlist/getListCustomers

In the console it's giving me the error message below:

XMLHttpRequest cannot load url Origin localhost is not allowed by Access-Control-Allow-Origin

How can I handle this issue?

Java code:

@GET
@Path("/getsample")
public Response getMsg() { 
    String output = "Jersey say : " ;   
    return Response.status(200).entity(output).build();
}

You mean JAX-RS. JAX-WS is a SOAP. – Yuriy N. May 27 '20 at 14:40 — Yuriy N., May 27 '20 at 14:40

Knight of Ni · Accepted Answer · 2013-08-16T12:54:51.667

Read here about your issue CORS : http://enable-cors.org/

Check if this one help you in your getMsg() method:
return Response.ok(output).header("Access-Control-Allow-Origin", "*").build();

If above doesn't work try to add Jersey filter to your service. Create filter class:

package your.package;

public class CORSFilter implements ContainerResponseFilter {

    @Override
    public ContainerResponse filter(ContainerRequest creq, ContainerResponse cresp) {

        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Origin", "*");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Credentials", "true");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With");

        return cresp;
    }
}

And register later win web.xml with:

<servlet>
<servlet-name>CORS Filter</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
 <init-param>
    <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
    <param-value>your.package.CORSFilter</param-value>
 </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>CORS Filter</servlet-name>
    <url-pattern>/webservices/*</url-pattern>
</servlet-mapping>

Another solution is to use this code inside your resource to provide OPTIONS for the browser. Put this in the class where you have @GET.

  @OPTIONS
  @Path("/getsample")
  public Response getOptions() {
    return Response.ok()
      .header("Access-Control-Allow-Origin", "*")
      .header("Access-Control-Allow-Methods", "POST, GET, PUT, UPDATE, OPTIONS")
      .header("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With").build();
  }

If non of this work, try to exchange the "*" provided for "Access-Control-Allow-Origin" header with your custom domain where you access this resource. I.g. If you call this from http://localhost::8080 use something like this ("Access-Control-Allow-Origin", "http://localhost:8080") instead of asterisk "*".

this change working on IE, not working on chrome still same issue — ChiranjeeviIT, Aug 16 '13 at 05:41
after long research, your solution seems to be better and good, thanks for your reply, keep me updated if you find any permanent solution. — ChiranjeeviIT, Aug 20 '13 at 10:52
I go through the same CORS problem last time. I was surprised by many solutions on the internet. Everyone has something which works for him. For me the Jersey filter works pretty good. Permanent solution would be one which works for you. Are you be able to run the rest request? — Knight of Ni, Aug 20 '13 at 14:32
yes, rest request is working fine there is no issues with it, but only problem when i am launching it from ajax request. — ChiranjeeviIT, Aug 20 '13 at 15:36
but still no luck with ajax via CORS? If you get the error from your question this is probably not an ajax itself, but you run your page form one url address and ajax'es the other url address (this is CORS). Is it your case? — Knight of Ni, Aug 20 '13 at 15:57
Thank you sir, I was able to solve the issue with return Response.ok(output).header("Access-Control-Allow-Origin", "*").build(); — Milinda Bandara, Jul 22 '15 at 14:07
GET works fine but when I try POST then I get 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.' error. How do I solve that? — Fahad Mullaji, Oct 28 '16 at 23:22

RESTful webservice : how to set headers in java to accept XMLHttpRequest allowed by Access-Control-Allow-Origin

1 Answers1

Linked