CORS – Glassfish

Simply create the filter:

import java.io.IOException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerResponseContext;
 import javax.ws.rs.container.ContainerResponseFilter;
 import javax.ws.rs.ext.Provider;
 @Provider
 public class RestResponseFilter implements ContainerResponseFilter{
 @Override
     public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException{
         responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
         responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
         responseContext.getHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH");
         responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
     }
 }

References

• https://stackoverflow.com/questions/10343892/glassfish-how-to-set-access-control-allow-origin-header

CORS flowchart

Cross-Origin Resource Sharing flowchart

CORS – Tomcat

CORS (CORS flowchart) is quite complex to understand but you absolutely need it if you want to write an app in “modern” javascript frameworks like angular.

The simplest way to enable CORS to Apache Tomcat for development is to:

1. create web.xml (if it does not exist already)
2. add the included filter. An example is shown below:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

References:

• https://stackoverflow.com/questions/24386712/tomcat-cors-filter
• https://stackoverflow.com/questions/1256593/why-am-i-getting-an-options-request-instead-of-a-get-request
• https://enable-cors.org/