泽西岛，宁静的网络服务，跨域访问拒绝

Question

I use netbeans to create restful web service and got the error of "cross domain access deny"

I have add the "cross origin resource filter"

following is my code.

@Provider
public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {

@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
    response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
    response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
    response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
}

}

and

@javax.ws.rs.ApplicationPath("webresources")
public class ApplicationConfig extends Application {

@Override
public Set<Class<?>> getClasses() {
    Set<Class<?>> resources = new java.util.HashSet<>();
    addRestResourceClasses(resources);
    return resources;
}

private void addRestResourceClasses(Set<Class<?>> resources) {
    resources.add(WebService.CategoryFacadeREST.class);
    resources.add(WebService.CrossOriginResourceSharingFilter.class);
    resources.add(WebService.ProductFacadeREST.class);
    resources.add(WebService.ReviewFacadeREST.class);
}   
}

Answer 1

I assume the problem is, that only the Content-Type header is allowed in Access-Control-Allow-Headers . Please look for a header Access-Control-Request-Headers in the request... set the content in the Access-Control-Allow-Headers header or try this code:

String reqHead = requestContext.getHeaderString("Access-Control-Request-Headers");
if (null != reqHead && !reqHead.equals("")) {
    responseHeaders.putSingle("Access-Control-Allow-Headers", reqHead);
}

In general: for security reasons you should not use wildcards and code like this in the production environment.