CORS issue POST request (403 Forbidden) of App Android generated with Sencha CMD 6.5
Question
I am desperate. I am trying to generated a app Android (Front-end) with Sencha CMD 6.5 that send requests to Tomcat Server (Back-end).
The problem is the POST method , when App send the request in the header the "Origin" parameter is set to "file://" and the CORS of tomcat reject the request (Forbidden 403).
HEADER
Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-US;q=0.9
Connection: keep-aliv(e)
Content-Length: 39
Host: 192.168.1.91: 8080
Origin: file: //
Referer: -
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0(Linux;Android7.0;MI5Build/NRD90M;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/64.0.3282.137MobileSafari/537.36
FILTER defined on tomcat 8.0 in web.xml
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
The funny thing is that with the GET method not set anything in the Origin parameter and the Tomcat CORS accepts it.
There are only two solutions:
1.- Set the parameter Origin of header (I did not find anything in any forum, like this, like senchaforum, etc.)
2.- Modify CORS Filter of TOMCAT 8. (I did not find anything in any forum, like this, like senchaforum, etc.)
Please, can anybody help me? Thanks in advanced
Daniel
1 answers
solution1
0 2018-02-13 08:59:48
The solution is use ContainerResponseFilter, instead of filter of tomcat.
import javax.ws.rs.ext.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
@Provider
public class CORSResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext creq, ContainerResponseContext cres) {
MultivaluedMap<String, Object> headers = cres.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
headers.add("Access-Control-Allow-Headers", "Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
headers.add("Access-Control-Allow-Credentials", "false");
headers.add("Access-Control-Allow-Methods", "GET,POST,HEAD,OPTIONS,PUT");
//headers.add("Access-Control-Max-Age", "10");
}
}
I already tried this, in case someone thinks it would have worked with original filter:
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
Welcome guys, I hope it help someone in the future.
Daniel
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.