Nginx Reverse Proxy to Allow CORS for Jasper Reports Server running on Tomcat Failing Preflight Request Access Control Check

Question

I have an Angular Web Application and I need it to communicate with a Jasper Reports Server REST API running on Apache Tomcat. The problem I'm currently having is to enable CORS.

I have tried to enable CORS with the Tomcat Configuration but I have given up on that and am looking to create a reverse proxy using Nginx.

Tomcat is running on 192.168.21.18:8080 and I can access the Jasper Reports Sever on 192.168.21.18:8080/jasperserver/. I am running the Angular Web Application using ng serve on my laptop.

I have tried creating the reverse proxy using the configuration below

server {
        listen 8081;

        server_name _;
        access_log      /var/log/nginx/tomcat-access.log;
        error_log       /var/log/nginx/tomcat-error.log;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

        
        if ($request_method = 'OPTIONS') {

                add_header 'Access-Control-Allow-Origin' '*' always;
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
                add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

                return 204;
        }

        location / {
                proxy_redirect          off;
                rewrite                 /(.*) /$1  break;
                proxy_set_header        X-Forwarded-Host $host;
                proxy_set_header        X-Forwarded-Server $host;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass              http://localhost:8080/;


        }

}

I am using the default Tomcat configuration and have only changed the configuration for the manager webapp. I have disabled the RemoteAddrValve in $CATALINA_HOME/webapps/manager/META-INF/context.xml

However, when I try to send a POST request to http://192.168.21.18:8081/jasperserver/rest_v2/reportExecutions I get this error.

Access to XMLHttpRequest at 'http://192.168.21.18/jasperserver/login.html' 
(redirected from 'http://192.168.21.18:8081/jasperserver/rest_v2/reportExecutions') 
from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't 
pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

As you can see, you are getting redirected from http://192.168.21.18:8081 to http://192.168.21.18 (default port 80).

While the exact logic behind URL generation depends on the code of JasperReports, servlet applications usually use the serverName and serverPort properties of the ServletRequest object to generate the authority part of the URL.

You need to configure NGINX to forward the Host header using:

proxy_set_header Host $http_host;

or

proxy_set_header Host $host:8081;

See this answer for the difference between the two directives;

Alternatively, you can hardcode those values in Tomcat's <Connector> configuration (cf. HTTP connector):

<Connector ...
           proxyName="192.168.21.18"
           proxyPort="8081" />

Remark: Since you don't use the RemoteIpValve, all those X-Forwarded-* headers you add to the request are never used by Tomcat.

Also, instead of using NGINX, you can configure a CorsFilter in your $CATALINA_BASE/conf/web.xml, so that it applies to all applications.