Enable CORS for every request with Tomcat Server

Question

Without using a Servlet Filter, is there a way for Tomcat 9.0.12 to be configured (perhaps through catalina.properties) to allow all CORS request, all headers and just about every request?

Does this answer your question? [Set CORS header in Tomcat](https://stackoverflow.com/questions/16296145/set-cors-header-in-tomcat) — Josh Correia, Feb 11 '21 at 19:56

score 1 · Answer 1 · edited Feb 05 '20 at 08:46

Tomcat indeed supports CORS by adding a CorsFilter. The configurations are flexible enough to intercept all the requests if you need that (note the url-pattern) in the example below:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Now, this obviously has to be done at the level of the web application (changes in web.xml of the web application).

If you want to apply this filter "globally" (for all WARs possibly deployed on tomcat) then there is an option to configure a tomcat itself so that it will catch all the possible HTTP requests ever:

Add the aforementioned configurations into conf/web.xml and you're done.

A Side Note:

If you extend this filter or something and need some additional dependencies for some reason they can't be in the WARs of course, but have to be in the classpath of tomcat itself, so put the required libraries into lib folder (again, only if you need something like this)

Useful resources:

Edited answer to add some useful links. – Sergio A. Feb 05 '20 at 08:44 — Sergio A., Feb 05 '20 at 08:44

Enable CORS for every request with Tomcat Server

1 Answers1