How to enable CORS in apache tomcat
Solution 1
CORS support in Tomcat is provided via a filter. You need to add this filter to your web.xml
file and configure it to match your requirements. Full details on the configuration options available can be found in the Tomcat Documentation.
Solution 2
Check this answer: Set CORS header in Tomcat
Note that you need Tomcat 7.0.41 or higher.
To know where the current instance of Tomcat is located try this:
System.out.println(System.getProperty("catalina.base"));
You'll see the path in the console view.
Then look for /conf/web.xml on that folder, open it and add the lines of the above link.
Solution 3
Just to add a bit of extra info over the right solution. Be aware that you'll need this class org.apache.catalina.filters.CorsFilter. So in order to have it, if your tomcat is not 7.0.41 or higher, download 'tomcat-catalina.7.0.41.jar' or higher ( you can do it from http://mvnrepository.com/artifact/org.apache.tomcat/tomcat-catalina ) and put it in the 'lib' folder inside Tomcat installation folders. I actually used 7.0.42 Hope it helps!
Related videos on Youtube
Ravi Dasari
Updated on January 22, 2021Comments
-
Ravi Dasari over 3 years
I am trying to consume some web services which are cross domain. When I disable chrome's web-security it is working fine. I want it to work without this so I have tried adding cross-domain.xml and still it didnt work. When i searched more, came to know about CORS enabling in tomcat.
from http://www.w3.org/wiki/CORS_Enabled
For Apache Apache can be configured to expose this header using mod_headers. This is enabled by default in Apache, however you may want to ensure it's enabled in your deployment by running the following command:
a2enmod headers
To expose the header, you can add the following line inside , , and sections, or within an .htaccess file.
<IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>
Can anyone please let me know where to add these configurations in TOMCAT and in which files exactly. I am using tomcat from eclipse.
Appreciate any help.
-
Ravi Dasari about 10 yearsThanks for your reply. But I have added that in my Web.xml and even tried using a servlet interceptor for adding header parameter for all responces with response.setHeader("Access-Control-Allow-Origin","*"). But it is not working.
-
ankon over 8 yearsInstead of polluting the tomcat directory with different versions, it is probably better to suggest updating Tomcat 7.0.41 or higher.
-
Francisco López-Sancho over 8 yearsSounds about right :)
-
Tanvi Garg over 6 yearsEven I have changed my configurations for web.xml and added response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); But still facing the same issue. Can anyone help.
-
Tanvi Garg over 6 yearsThis is not working, I have tried this.
-
hvsp about 4 yearsThis is an old thread. But if you are reading this comment chances are that you have already configured your tomcat correctly. The CORS headers like allowed-origin are only exposed to request that do have a ORIGIN header set. So if you are only rushing through documentation like me, you might be checking the dev tools of your browser and wondering where your headers are. Try this for testing: curl -I -H 'Origin: example.com' localhost:8080
-
Eli Halych over 3 yearsCan the same be done not only for CORS, but in general to allow certain methods overall?