java 在 Tomcat 8.0 中启用 CORS 响应过滤器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25442115/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Enabling a CORS Response Filter in Tomcat 8.0
提问by Gary O. Stenstrom
I am attempting to call a web service on one server from another (cross origin) using a fairly basic jQuery.ajaxPOST request.
我正在尝试使用相当基本的jQuery.ajaxPOST 请求从另一台(跨源)服务器上调用 Web 服务。
return $.ajax({
type: "POST",
url: "http://dev.hostname.com/ws/account/[email protected]?property_id=1&custnum=123456",
dataType:"json"
});
I am always getting the following errorresponse ...
我总是收到以下error回复...
XMLHttpRequest cannot load http://dev.hostname.com/ws/account/[email protected]?property_id=1&custnum=123456. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin
http://localhost:63342is therefore not allowed access.
XMLHttpRequest 无法加载 http://dev.hostname.com/ws/account/[email protected]?property_id=1&custnum=123456。请求的资源上不存在“Access-Control-Allow-Origin”标头。
http://localhost:63342因此不允许访问Origin 。
The web service is a Java-built Jersey based web service hosted on Apache Tomcat/8.0.8. I have tried sending the request as JSONP but that ran me into issues when attempting to handle the callbacks from the promise object. That's another post however ... As an alternative I decided to look into implementing a CORS Response solution. Now I am VERY new to Java programming and am not that comfortable with it so please bear with me.
Web 服务是托管在Apache Tomcat/8.0.8. 我尝试将请求作为 JSONP 发送,但是在尝试处理来自 promise 对象的回调时遇到了问题。然而,这是另一篇文章......作为替代方案,我决定研究实施 CORS 响应解决方案。现在我对 Java 编程非常陌生,对它不太熟悉,所以请耐心等待。
I have looked at two primary solutions for implementing CORS. One is to build a custom response filter. I could not get that to work but then discovered that since Tomcat 7.0 a filter is supposedly already provided. I have seen several posts on this second solution but had absolutely no luck with it. Using the guidelines provided in the Apache Tomcat DocumentationI added the following FILTER information to the web.xml file of the application (I have also tried adding it to the web.xml of the root and it didn't work there either).
我研究了两个用于实现 CORS 的主要解决方案。一种是构建自定义响应过滤器。我无法让它工作,但后来发现自从 Tomcat 7.0 以来,据说已经提供了一个过滤器。我已经看到了关于第二个解决方案的几个帖子,但绝对没有运气。使用Apache Tomcat 文档中提供的指南,我将以下 FILTER 信息添加到应用程序的 web.xml 文件中(我也尝试将其添加到根目录的 web.xml 中,但在那里也不起作用)。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Since I am using Tomcat 8.0.8. I would have expected this to work, yet I continue to get the same error. Am I missing something?
由于我正在使用Tomcat 8.0.8. 我原以为这会起作用,但我继续遇到相同的错误。我错过了什么吗?
Thanks for your help.
谢谢你的帮助。
UPDATED
更新
I am adding the headers from Firebug when calling the service in Firefox. This is the Request header ...
在 Firefox 中调用服务时,我正在添加来自 Firebug 的标头。这是请求头...
Accept application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control no-cache
Connection keep-alive
Content-Length 0
Host dev.hostname.com
Origin http://localhost:63342
Pragma no-cache
Referer http://localhost:63342/keurig/default.html
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
This is the Response header
这是响应头
Content-Length 0
Content-Type text/plain
Date Thu, 21 Aug 2014 17:50:58 GMT
Server Apache-Coyote/1.1
I definitely do not see any of the "Access-Control-*" headers that would expect to be see in the response.
我绝对没有看到任何期望在响应中看到的“Access-Control-*”标头。
回答by Dilapidus
The CORS configuration provided here worked for me, but not until I had removed the space in 'Allowed Headers' after the comma in the last header.
此处提供的 CORS 配置对我有用,但直到我删除了最后一个标题中逗号后的“允许标题”中的空格。
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
Once I took out that space before "Last-Modified" I was in business.
一旦我在“最后修改”之前取出那个空间,我就开始做生意了。
回答by sdemurjian
The solution that fixed this issue in a legacy Struts 2 application running Apache Tomcat/8.0.43 was to add the CORS Filter before the Struts 2 filter in the web.xmlconfig file.
在运行 Apache Tomcat/8.0.43 的旧版 Struts 2 应用程序中修复此问题的解决方案是在web.xml配置文件中的 Struts 2 过滤器之前添加 CORS 过滤器。
