tomcat-users mailing list archives

From Sjir Bagmeijer <sjir.bagmei...@basefarm.com>
Subject Tomcat Cors on 40x requests.
Date Fri, 20 May 2016 09:34:13 GMT
Hello,


We have some issues with getting CORS to work for requests within the 40x status code range.

So we are curious if anyone else has gotten this to work perhaps?

I think our very first question actually is if CORS is meant to be on 40x requests or only
on 20x requests?

Now our actual web.xml looks as follows:
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>http://tomcat.example.com,https://example.com</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,soapaction</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>


If I test this, it actually works for all 200 requests:
curl -i -H "Origin:  https://tomcat.example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: Content-Type, soapaction" -X GET -i http://localhost:8080/lol/test/1.json
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: https://tomcat.example.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control: public, max-age=10


However, if I do this on a request that would generate a 404, it does not work:
curl -i -H "Origin:  https://tomcat.example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: Content-Type, soapaction" -X GET -i http://localhost:8080/lol/test/xxx.json
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Cache-Control: public, must-revalidate, max-age=10
Content-Type: application/json
Content-Length: 128
Date: Fri, 20 May 2016 09:28:42 GMT

What would we need to do to make it show those CORS headers also on those 404 requests? This
counts the same for any kind of 401 requests (401 as in application authentication, not
the Tomcat authentication).

We would appreciate any feedback or arguments if we do this wrong.


Thank you in advance,
//Sjir Bagmeijer
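
The manual curl comparison in the message above can be turned into a repeatable check. The following is an added example, not part of the original message and not Tomcat code: it parses the two header dumps quoted in the post and lists the CORS headers a browser would find missing for the requesting origin. The function and variable names are hypothetical.

```python
# Added example: audit captured `curl -i` header dumps for CORS headers.
# RESP_200 and RESP_404 are the two responses quoted in the message above.
ORIGIN = "https://tomcat.example.com"

RESP_200 = """HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: https://tomcat.example.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control: public, max-age=10
"""

RESP_404 = """HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Cache-Control: public, must-revalidate, max-age=10
Content-Type: application/json
Content-Length: 128
Date: Fri, 20 May 2016 09:28:42 GMT
"""

def parse_response(raw):
    """Split a raw header dump into (status_code, {lowercased-name: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_cors(raw, origin, credentials=True):
    """Return (status, problems) for a credentialed cross-origin read by `origin`."""
    status, headers = parse_response(raw)
    problems = []
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        problems.append("missing Access-Control-Allow-Origin")
    elif acao == "*":
        if credentials:
            problems.append("wildcard origin is not allowed with credentials")
    elif acao != origin:
        problems.append("Access-Control-Allow-Origin does not match " + origin)
    if credentials and acao != "*" and \
            headers.get("access-control-allow-credentials") != "true":
        problems.append("missing Access-Control-Allow-Credentials: true")
    return status, problems

if __name__ == "__main__":
    for raw in (RESP_200, RESP_404):
        print(audit_cors(raw, ORIGIN))
```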
