Cross-origin resource sharing for Tomcat 5.5

Question

I am new to Cross-origin resource sharing and I want to enable it in a Tomcat 5.5 server. Anybody can give me some hint how can this be achieved?

I want to set the header universally for all requests, and to allow all origins (Access-Control-Allow-Origin: *)

http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains — austin, Mar 08 '12 at 08:24
Sorry, but that does not answer to my question. It's fine for me to allow all domains (by using `*`), but what I need is to configure it for Tomcat. — Pablo, Mar 08 '12 at 08:44
Hi, I think the accepted answer is outdated, please consider switching to my answer below so that people have the chance to see there exists a standard mechanism in Tomcat now. — Johannes Jander, Apr 08 '15 at 13:36

Johannes Jander · Accepted Answer · 2015-11-02T08:42:05.497

23

If it's a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.

Pretty much the only thing you have to do is edit the global web.xml in CATALINA_HOME/conf and add the filter definition:

     <!-- ================== Built In Filter Definitions ===================== -->

      ...

     <filter>
       <filter-name>CorsFilter</filter-name>
       <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
     </filter>
     <filter-mapping>
       <filter-name>CorsFilter</filter-name>
       <url-pattern>/*</url-pattern>
     </filter-mapping>

    <!-- ==================== Built In Filter Mappings ====================== -->

Be aware, though, that Firefox does not like Access-Control-Allow-Origin: * and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.

edited Nov 02 '15 at 08:42

answered Sep 17 '13 at 14:22

Johannes Jander

4,974
2
31
46

1

+1, I think this was a perfect answer to the question. – DarkHorse Feb 07 '14 at 07:09
any way to have multiple domains without wildcard? firefox rejects commas in this header – FlavorScape Feb 24 '15 at 23:41
I tried to follow this answer, but I had no clue where in the xml hierarchy I should add this definition. Can somebody please add this clue to the answer, for the people that are not so falimiar with the particular xml hierarchy in web.xml? thanks! – Alkis Mavridis Sep 06 '18 at 11:12

monsur · Answer 2 · 2013-01-24T04:17:34.557

3

Here is a Tomcat filter for adding CORS support: https://bitbucket.org/jsumners/corsfilter

edited Jan 24 '13 at 04:17

answered Mar 08 '12 at 16:53

monsur

45,581
16
101
95

I am not able to figure out how does it helps to solve the question. – Sumit Ramteke Feb 07 '14 at 13:22

Cross-origin resource sharing for Tomcat 5.5

2 Answers2

Linked

Related