You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Leo Donahue - RDSA IT <Le...@mail.maricopa.gov> on 2013/05/21 17:34:24 UTC
CORS on Tomcat?
Does Tomcat support setting this header on the server?
Header set Access-Control-Allow-Origin "*"
If yes, where do we set it?
Leo
RE: CORS on Tomcat?
Posted by Leo Donahue - RDSA IT <Le...@mail.maricopa.gov>.
>-----Original Message-----
>From: Leo Donahue - RDSA IT [mailto:LeoDonahue@mail.maricopa.gov]
>Sent: Tuesday, May 21, 2013 9:33 AM
>To: Tomcat Users List
>Subject: RE: CORS on Tomcat?
>
>B
>KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
>KKKKKKKKKCB [ X ܚX KK[XZ[
>
> \ \ ][ X ܚX P X ]
> \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[
>
> \ \ Z[ X ]
> \X K ܙ B
Um. I didn't say that.
RE: CORS on Tomcat?
Posted by Leo Donahue - RDSA IT <Le...@mail.maricopa.gov>.
>-----Original Message-----
>From: Leo Donahue - RDSA IT [mailto:LeoDonahue@mail.maricopa.gov]
>Subject: RE: CORS on Tomcat?
>
>>-----Original Message-----
>>From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>Subject: Re: CORS on Tomcat?
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA256
>>
>>Leo,
>>
>>On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
>>> Does Tomcat support setting this header on the server?
>>>
>>> Header set Access-Control-Allow-Origin "*"
>>>
>>> If yes, where do we set it?
>>
>>You should know how to do this by now: url-rewrite.
>
>Thanks Chris. But.. but.. Apache has it...
>
>I wanted to avoid using a proxy that turns lengthy GET requests into POST
>requests for one of our REST based web apps. I was reading online where
>Cross Origin Resource Sharing was possible on some servers. Specifically here:
>http://enable-cors.org/server.html
>
I realize I can set the header in the response, but was hoping this can be something we set on the server for a specific context maybe?
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Request-Method", "GET,POST");
Before IE supported this, Firefox did, which made it nice for some users who wanted to make an cross origin ajax requests to one of our servlets.
Re: CORS on Tomcat?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Rainer,
On 5/21/13 1:07 PM, Rainer Jung wrote:
> On 21.05.2013 18:20, Leo Donahue - RDSA IT wrote:
>>> -----Original Message----- From: Christopher Schultz
>>> [mailto:chris@christopherschultz.net] Subject: Re: CORS on
>>> Tomcat?
>>>
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>
>>> Leo,
>>>
>>> On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
>>>> Does Tomcat support setting this header on the server?
>>>>
>>>> Header set Access-Control-Allow-Origin "*"
>>>>
>>>> If yes, where do we set it?
>>>
>>> You should know how to do this by now: url-rewrite.
>>
>> Thanks Chris. But.. but.. Apache has it...
>>
>> I wanted to avoid using a proxy that turns lengthy GET requests
>> into POST requests for one of our REST based web apps. I was
>> reading online where Cross Origin Resource Sharing was possible
>> on some servers. Specifically here:
>> http://enable-cors.org/server.html
>
> I guess Chris meant the Tuckey urlrewrite filter
> (http://tuckey.org/urlrewrite/) which can be used in Tomcat.
Hah! Yes, I guess copy/paste doesn't work-out well when you don't
bother to actually read what was in the paste buffer.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRm77BAAoJEBzwKT+lPKRYkmkP+wQNMmoUhpxEBo+V49IVDxVJ
C11Nqny6A2q2L90DxJUekC5QFAHL0Qdo37u62qV7iF4Ao7cvfnnMhTruTbm8Gdz5
+WeJI+TcBTAx1pVg/RxZBwGUy4vIrV/ivJUufl1/77LV8lyP8BQloZOG6K5zvrd8
fLEK315sPwysMfAtqfo2HMjogFzkMiiNQYHfAZJ+tXFRepMgXm4vaV3NTaMljmHB
P7Fuy/TtPaoS4MzOgzoFVeVATJFC4UVRQg9IKAjX2EcK5oK18BsyGxz8XRI8Ikby
4XAWvEqS898B7tshBWNRSyBjynf0x8BQtjoTFwMNv0gvPNm1l9xd/WDo/LvwAPx/
mH4ybnvL3phWJJkybmynRA8x4b0+x81/EMtU1H1LYXcednfN5awncOvJLXQXQGYH
M99MP7aappHjzJQkqb/EHNSdIs3I5EAs/R0u1LYylgYsUcqTeduJWsYb87m3uaNS
wx1x1vIuvpExTdXsIXLL5FRWvzwM7aEzSl7Sc47Kya3qty9s+ayU8FYSXN9hvm0A
vCtlKwPDV24J1KXIv5uL0/VGNfmhKZ7guzx6hcgxIQrY7LAENBbNdWjVzpc3l5iY
xmBxLuc6IQB+ExN/pW3h1NY2rcOnyTzs3N7flmh3WeMeiETaTGgoUDmNgMXfK2ph
gewuihyd6I5uIIXsb/7M
=cyQ7
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: CORS on Tomcat?
Posted by Rainer Jung <ra...@kippdata.de>.
On 21.05.2013 18:20, Leo Donahue - RDSA IT wrote:
>> -----Original Message-----
>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>> Subject: Re: CORS on Tomcat?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Leo,
>>
>> On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
>>> Does Tomcat support setting this header on the server?
>>>
>>> Header set Access-Control-Allow-Origin "*"
>>>
>>> If yes, where do we set it?
>>
>> You should know how to do this by now: url-rewrite.
>
> Thanks Chris. But.. but.. Apache has it...
>
> I wanted to avoid using a proxy that turns lengthy GET requests into POST requests for one of our REST based web apps. I was reading online where Cross Origin Resource Sharing was possible on some servers. Specifically here: http://enable-cors.org/server.html
I guess Chris meant the Tuckey urlrewrite filter
(http://tuckey.org/urlrewrite/) which can be used in Tomcat.
Look for "response-header" in
http://urlrewritefilter.googlecode.com/svn/trunk/src/doc/manual/4.0/guide.html.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: CORS on Tomcat?
Posted by Mark Thomas <ma...@apache.org>.
On 21/05/2013 17:20, Leo Donahue - RDSA IT wrote:
>> -----Original Message-----
>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>> Subject: Re: CORS on Tomcat?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Leo,
>>
>> On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
>>> Does Tomcat support setting this header on the server?
>>>
>>> Header set Access-Control-Allow-Origin "*"
>>>
>>> If yes, where do we set it?
As of Tomcat 7.0.41 Tomcat will ship with a filter than implements the
CORS specification.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: CORS on Tomcat?
Posted by Leo Donahue - RDSA IT <Le...@mail.maricopa.gov>.
>-----Original Message-----
>From: Christopher Schultz [mailto:chris@christopherschultz.net]
>Subject: Re: CORS on Tomcat?
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>Leo,
>
>On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
>> Does Tomcat support setting this header on the server?
>>
>> Header set Access-Control-Allow-Origin "*"
>>
>> If yes, where do we set it?
>
>You should know how to do this by now: url-rewrite.
Thanks Chris. But.. but.. Apache has it...
I wanted to avoid using a proxy that turns lengthy GET requests into POST requests for one of our REST based web apps. I was reading online where Cross Origin Resource Sharing was possible on some servers. Specifically here: http://enable-cors.org/server.html
>
>If you are using this with the CSRF prevention filter, you probably want to also
>mention those other domains in the "entryPoints" attribute.
>
>- -chris
Re: CORS on Tomcat?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Leo,
On 5/21/13 11:34 AM, Leo Donahue - RDSA IT wrote:
> Does Tomcat support setting this header on the server?
>
> Header set Access-Control-Allow-Origin "*"
>
> If yes, where do we set it?
You should know how to do this by now: url-rewrite.
If you are using this with the CSRF prevention filter, you probably
want to also mention those other domains in the "entryPoints" attribute.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRm5ptAAoJEBzwKT+lPKRYeFsQAKbKt+E7+QqgyojS1+clM5YL
SraSTcCzv/Dw9n2A7p4jqv4t+pXU149+L/KKLAdOKMCXZtX7o+Ag8yAlsly/QJ4Y
mX9QDn1gfTPF6+vd26qUvnaF3WCs+ras5OCKhtpvrd99/DoKcoKwxGIYbmYp/Nyp
2a+x8tdU9T8z8YesiXUC+9Aa+pRjKnG7iBFgJmcPEMQZffXHmjfbGK4IWJ4WJYx/
wGjaS/tDlcrhrPy0QmG5e9y3PokrNdyS4nVYDjSBSGuqYby0Uvqo1OL4WvYmGXU0
gScHa6q7nuQR/kim4q2BpjqO09uqmqYl1tddNF1dRgMktEcO0jW5jJUFns/FaEDK
qkKz95++U1fSwmaCNPdTRV7+Fz/jgZMN70BQoJHc258/ScMz1Hi9qoMDBYmzuyp6
esVQiwMZ/ogMKqjfHtxll9XPcilxC1B1tKYxxVef1K1Gebum10mD7HZ/zbq6HcRd
EKXth9LzYCGsUXwNeplhlpDEirtO6nk3/EZMdTZFavLGxhZtGAZFNaNnzGNh/por
2mbOXR+VVmAML1W7qEljLVn8qmKGwkw9c8lwuY322r/oHaq4d1JmqOd/df2UqvfY
Qhv2DO/xl9XimOT0uCEmhC0Qa1Oazm4pXfW5d5co+eXlhj0VSKAAn2RAPDxhvEVD
lIIa6/f/HxuQoBEzQJTP
=+rfT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org