0

The application I am working on works in a way where the request is sent from the browser to server A, server A makes some modifications to the request and forwards it to server B. Server B returns the response to server A which in turn returns it to the browser(Browser <=> Server A <=> Server B).

At server A I need to modify/remove a particular header "access-control-allow-origin" from the response given by server B. I can't do that at B where the response is created since I don't have access to the code. I need to do this at A itself.

I tried using the HttpServletResponseWrapper( How do delete a HTTP response header? ) but I think it is useful only when the headers are not set already. In my case the headers are set and need to be modified/removed.

Community
  • 1
  • 1
adarsh hegde
  • 1,353
  • 2
  • 21
  • 43
  • Do you have a webserver in front of server A ? – M4ver1k Aug 10 '16 at 07:18
  • No. Server A itself is a webserver. Am I answering your question? – adarsh hegde Aug 10 '16 at 07:20
  • I mean, something like Apache where we can use mod_headers and remove the header – M4ver1k Aug 10 '16 at 07:20
  • Server A is apache tomcat. I am not sure if this can be done using the servlet API. – adarsh hegde Aug 10 '16 at 07:24
  • Apache tomcat is a servlet container, I was asking about Apache Web Server. My bad Apache is ambiguous name :) Im replying with a possible solution – M4ver1k Aug 10 '16 at 07:27
  • Please refer to the following answer [here](http://stackoverflow.com/a/7895292/957654). Hope that helps. –  Aug 10 '16 at 09:02
  • The easiest way to handle this if you have control of the responding server is to add a response header for: (Access-Control-Allow-Origin: *) –  Aug 10 '16 at 09:09
  • Possible duplicate of [How do delete a HTTP response header?](http://stackoverflow.com/questions/7895196/how-do-delete-a-http-response-header) – duelin markers Mar 17 '17 at 09:07

1 Answers1

0

Try this:

((org.apache.catalina.connector.Response)response).getCoyoteResponse()
    .getMimeHeaders()
    .removeHeader("access-control-allow-origin");

getCoyoteResponse() gets the underlying Response object which is where the headers are actually stored in a MimeHeaders object. MimeHeaders has a convenient removeHeader method, among others.

Note that I didn't actually test this, but it looks like it should work. Also, I found this in Tomcat 8.0.26 source, YMMV with a different version.

Mark Olsson
  • 320
  • 2
  • 8
  • response is not accessible as it is private in ResponseFacade. Using reflexion is not a nice way to access that. – zdary Sep 19 '19 at 03:44