Disable authentication for OPTIONS requests in Tomcat

Question

I have an API protected by basic auth. When I want to make AJAX requests against the API, the browser send an OPTIONS request which doesn't carry the Authorization header so it gets rejected and thus my AJAX call is not allowed by the browser.

I tried to configure Tomcat to not authenticate OPTIONS requests but I don't manage to get it work.

Someone to help me to get it works?

Thanks :)

score 2 · Answer 1 · answered Oct 01 '15 at 14:23

2

I found the solution, I had to specify the list of HTTP methods on which the authentication was applied. Default is to apply on all methods.

answered Oct 01 '15 at 14:23

4e4c52

304
3
14

Where did you supply the list? To the AJAX call or to Tomcat? – Dr. McKay Oct 01 '15 at 18:04
To Tomcat configuration ;) – 4e4c52 Oct 02 '15 at 08:15
Where in tomcat did you edit that configuration? – Josh Correia Mar 08 '21 at 18:22

Disable authentication for OPTIONS requests in Tomcat

1 Answers1

Linked