Enable CORS on Tomcat 8.0.30


Appreciate any help.

I'm facing the problem with the CORS on my newly deployed Tomcat 8.0.30. I keep getting the error below. I am using as the API server address and is the address of my HTTP server.


No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '_http://' is therefore not allowed access. The response had HTTP status code 403.


Read through whole Tomcat documentation, added the cors filter under the tomcat web.xml, as well as the project web.xml, but nothing magic happens here, still getting the same error. Tried both minimal and advanced with init-param, same error.

I am using Spring 4 as my rest api framework. Any more configurations need to be done on the project coding part?

Here are the steps I've done so far:

<ul>
<li>add cors filter under web.xml, minimal config according to documentation, not working</li>
<li>add cors filter under web.xml, full config, not working as well.</li>
<li>tried to use cors filter from <a href="http://software.dzhuvinov.com/cors-filter.html" rel="nofollow">http://software.dzhuvinov.com/cors-filter.html</a>, still not working</li>
</ul>

Any suggestions?


<hr />

Add the web.xml configuration. I've tried to change cors.allowed.origins to *, to,, all not working, remove credentials and maxage

    <filter>
      <filter-name>CorsFilter</filter-name>
      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
      <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
      </init-param>
      <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CorsFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

<hr />

Suggested by Vishal, changing tomcat version from 8.0 to 8.5, still same issue

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 403.


I encountered this problem once and I developed a custom handler for a Jetty Web application.

Maybe it can help you.


    import java.io.IOException;

    import org.eclipse.jetty.server.handler.HandlerWrapper;
    import org.eclipse.jetty.server.Request;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.ServletException;

    public class CORSHandler extends HandlerWrapper {

        public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
        public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
        public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";

        public CORSHandler() {
            super();
        }

        public void handle(String target, Request baseRequest, HttpServletRequest request,
                           HttpServletResponse response) throws IOException, ServletException {
            // Allow Cross-site HTTP requests (CORS)
            response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
            // Accept Content-Type in header
            response.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, "content-type");
            // Accept GET, POST, PUT and DELETE methods
            response.addHeader(ACCESS_CONTROL_ALLOW_METHODS, "GET,POST,PUT,DELETE");

            if (_handler != null && isStarted()) {
                _handler.handle(target, baseRequest, request, response);
            }
        }
    }


    import java.io.IOException;
    import java.util.logging.Logger;
    import java.util.logging.FileHandler;
    import java.util.logging.Level;
    import java.util.logging.SimpleFormatter;

    import org.apache.cxf.transport.servlet.CXFServlet;
    import org.eclipse.jetty.server.Server;
    import org.eclipse.jetty.servlet.ServletContextHandler;
    import org.eclipse.jetty.servlet.ServletHolder;
    import org.springframework.web.context.ContextLoaderListener;
    import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
    import org.eclipse.jetty.server.handler.HandlerWrapper;

    import com.example.config.AppConfig;
    import com.example.handlers.CORSHandler;
    import com.example.properties.*;

    public class Starter {

        public static void main(final String[] args) throws Exception {
            Server server = new Server(8080);

            // Register and map the dispatcher servlet
            final ServletHolder servletHolder = new ServletHolder(new CXFServlet());
            HandlerWrapper wrapper = new CORSHandler();

            final ServletContextHandler context = new ServletContextHandler();
            context.setContextPath("/");
            context.addServlet(servletHolder, "/rest/*");
            context.addEventListener(new ContextLoaderListener());
            context.setInitParameter("contextClass", AnnotationConfigWebApplicationContext.class.getName());
            context.setInitParameter("contextConfigLocation", AppConfig.class.getName());

            wrapper.setHandler(context);
            server.setHandler(wrapper);

            server.start();
            server.join();
        }
    }


I've used a custom filter to accomplish this. I have no idea why the official Tomcat CORS filter is not working in my case. If anyone can suggest the logic behind this, I am willing to try it out.

<a href="https://stackoverflow.com/questions/24386712/tomcat-cors-filter" rel="nofollow">Original Post from Tobia</a>

The code is modified from the link above.

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletResponse;

    public class SimpleCORSFilter implements Filter {

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
            chain.doFilter(req, res);
        }

        public void destroy() {
            // TODO Auto-generated method stub
        }

        public void init(FilterConfig arg0) throws ServletException {
            // TODO Auto-generated method stub
        }
    }

web.xml configuration under current project

    <filter>
      <filter-name>SimpleCORSFilter</filter-name>
      <filter-class>com.example.util.SimpleCORSFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>SimpleCORSFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

