问题
I am new to Cross-origin resource sharing and I want to enable it in a Tomcat 5.5 server. Anybody can give me some hint how can this be achieved?
I want to set the header universally for all requests, and to allow all origins (Access-Control-Allow-Origin: *)
回答1:
If it's a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.
Pretty much the only thing you have to do is edit the global web.xml in CATALINA_HOME/conf and add the filter definition:
<!-- ================== Built In Filter Definitions ===================== -->
...
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ==================== Built In Filter Mappings ====================== -->
Be aware, though, that Firefox does not like Access-Control-Allow-Origin: * and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.
回答2:
Here is a Tomcat filter for adding CORS support: https://bitbucket.org/jsumners/corsfilter
来源:https://stackoverflow.com/questions/9614605/cross-origin-resource-sharing-for-tomcat-5-5