1

I am getting the following CORS message:

Access to XMLHttpRequest at 'http://localhost:8080/ottoautomaatitv2/webservice?postitoimipaikka=mikkeli' 
from origin 'http://localhost:4200' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

What I have done to try to fix the issue is to add a CORS filter, but that didn't solve the issue.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

The only way I can get around the issue is by using Google Chrome with a --user-data-dir="C:/Chrome dev session" --disable-web-security target, but this is not ideal for me. How do I enable Access-Control-Allow-Origin on Apache Tomcat?

aleksejjj
  • 1,405
  • 2
  • 18
  • 28
  • Is there any information included in your response after including the filter? Check the default options that will be included after defining the filter in the [docs](https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html). If none of the headers or other infos are included the filter may not be working as expected. – nortontgueno Feb 11 '19 at 19:33
  • do you need any help? – nortontgueno Feb 12 '19 at 10:17
  • 2
    Thanks, but I already answered my own question :) – aleksejjj Feb 12 '19 at 11:21
  • Awesome, pleasure to help :) – nortontgueno Feb 12 '19 at 11:22
  • Does this answer your question? [Access-Control-Allow-Origin: \* in tomcat](https://stackoverflow.com/questions/12383109/access-control-allow-origin-in-tomcat) – Josh Correia Feb 11 '21 at 21:06
  • In my case, my spring boot application is not able to access a json file kept in tomcat folder. it can access js and css files thougth. i tried the below configuration in web.xml file but no luck. starting chrome with --disable-web-security is working – Sharvari Nagesh Aug 13 '21 at 07:48

1 Answers1

5

I fixed the access-control-allow-origin header error given by an Angular app by adding a CORS filter alongside some attributes to web.xml of Tomcat.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>http://localhost:4200</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
aleksejjj
  • 1,405
  • 2
  • 18
  • 28