4

First, this may be marked as duplicate question, but the other questions were not answered at all.I think no one found it interesting.

I wanted to enable Cross-Site requests in my tomcat server. Google shows that in apache, we can enable a cross site by adding 

Access-Control Allow-Origin.

How to get this done in tomcat . I would like two things, First opening access to everyone and second, access for limited sites.

Is it Possible and if so, how can it be done.

How come API's are working , if Cross Site requests are not possible. I can send some data to Paypal server and i get response back. I know that's done in some server side languages(Java,PHP). But i want to know if it's possible from Java Script too,

Manikandaraj Srinivasan
  • 3,557
  • 5
  • 35
  • 62
  • Does this have anything to do with Apache Tomcat? If this is being done in the browser, then the server is not relevant. – Christopher Schultz Jul 18 '12 at 15:41
  • Actually for Cross-Site requests with JavaScript works only when the Domain is allowed in Tomcat Server or other web server i hope. Or Is it the problem with the browser, if so , then why apache provides "Access Control Allow Origin mysite.com" – Manikandaraj Srinivasan Jul 18 '12 at 17:13
  • "Access-Control" is not a recognized Apache httpd configuration directive. Perhaps you are serving a file using httpd that controls some other product like Adobe Flash Player? – Christopher Schultz Jul 18 '12 at 19:37
  • I forgot where i got those apache directives, but these links tell they exist http://serverfault.com/questions/136428/header-set-access-control-allow-origin-not-working-with-mod-rewrite-mod-jk http://stackoverflow.com/questions/6329655/access-control-allow-origin-headers-not-working – Manikandaraj Srinivasan Jul 19 '12 at 07:50
  • These are HTTP response headers, not Apache httpd configuration directives. You can use mod_headers to set them on all (or some) responses, but it's only a coincidence that they affect the client. – Christopher Schultz Jul 19 '12 at 20:37

1 Answers1

3

I think i found a way for this, when sending Response from the Tomcat Server i.e from Servlets, set the Response Header to have these

Response.setHeader("Access-Control-Allow-Origin","http://www.myserver.com");

And as Chris Commented, it's not in Apache directives.It's only in Response Headers. Hope it's helpful for someone who is trying Cross Domain requests.

Manikandaraj Srinivasan
  • 3,557
  • 5
  • 35
  • 62
  • Note that this is *not* a directive: it's an HTTP response header. – Christopher Schultz Jul 19 '12 at 20:36
  • 1
    This line looks like a static method call on a class named "Response". I assume it's meant as a method call on an object named "Response" and I used this code in my "doGet" method of my servlet that extends the HttpServlet class. This didn't work for me. Please supply more details about where this goes and how it works. – Jason Apr 09 '13 at 01:44
  • Example : My Python Code in Response: headers = [('Content-type', 'text/plain'), ('Content-Length', str(len(response_body))), ('Access-Control-Allow-Origin', '*'), ('Access-Control-Allow-Methods', 'POST, OPTIONS') – Manikandaraj Srinivasan May 02 '13 at 09:28
  • public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Response.setHeader("Access-Control-Allow-Origin","http://www.myserver.com"); PrintWriter out = response.getWriter(); out.println(resp); out.close(); } – Manikandaraj Srinivasan May 02 '13 at 10:15
  • which Response class is this? i man whats fully qualified name – Saurabh Jun 28 '16 at 06:11