Trouble-shooting CORS in Play Framework 2.4.x
I have a java play framework 2.4.x web app providing a JSON/HTTP API. When I run my front-end HTML/JS file:///Users/nize/tmp/index.html calling the API on
-
I was experiencing a similar issue, I was getting 403's on requests. I solved a the problem by removing the:
allowedHttpHeaders=["Accept"]that they use in their example configuration. I'm still not clear what the security implications of that are, however, so YMMV.
讨论(0) -
filters = "filters.Filters" play.filters { cors { # The allowed origins. If null, all origins are allowed. allowedOrigins = null # The allowed HTTP methods. If null, all methods are allowed allowedHttpMethods = null # The allowed HTTP headers. If null, all headers are allowed. allowedHttpHeaders = null } } public class Filters implements HttpFilters { @Inject private CORSFilter corsFilter; public EssentialFilter[] filters() { return new EssentialFilter[] { corsFilter.asJava() }; } }讨论(0) -
I think the CORS filter in Play does not work! I followed step by step as but somehow I always got HTTP-403 in the browser (Chrome and Firefox) in Ajax calls. Problem is I don't even get stacktrace on server side. I think
DefaultHttpErrorHandlerin the CORS filter somehow gulp that. In the response "Access-Control-Allow-Origin" header was missing so I just manually added that.class Filters @Inject() (corsFilter: CORSFilter, log: LoggingFilter) extends HttpFilters { def filters = { // CORS filter does not work //Seq(corsFilter, log) Seq(log) } }This is the logging filter (Credit: Play! framework)
class LoggingFilter extends Filter { def apply(nextFilter: RequestHeader => Future[Result])(requestHeader: RequestHeader): Future[Result] = { val startTime = System.currentTimeMillis nextFilter(requestHeader).map { result => val endTime = System.currentTimeMillis val requestTime = endTime - startTime Logger.info(s"${requestHeader.method} ${requestHeader.uri} " + s"took ${requestTime}ms and returned ${result.header.status}") result.withHeaders( "Request-Time" -> requestTime.toString, "Access-Control-Allow-Origin" -> "*" // Added this header ) } } }讨论(0) -
First add/edit these lines(configurations) into your conf/application.conf
play.filters.cors { # allow all paths pathPrefixes = ["/"] # allow all origins (You can specify if you want) allowedOrigins = null allowedHttpMethods = ["GET", "POST", "PUT", "DELETE"] # allow all headers allowedHttpHeaders = null }(Note that lines starting with '#' are commented lines.)
Then go to build.sbt and add this line.
libraryDependencies += filtersFinally make a Java Class named 'Filters.java' and include this to the root directory(/app).
import play.api.mvc.EssentialFilter; import play.filters.cors.CORSFilter; import play.http.HttpFilters; import javax.inject.Inject; public class Filters implements HttpFilters { @Inject CORSFilter corsFilter; public EssentialFilter[] filters() { return new EssentialFilter[] { corsFilter }; } }You can refer official documentation for more information.
讨论(0) -
I had the same problem while following the same documentation.
Problem is with this CORS filter that you have used:
allowedOrigins = ["*","http://localhost"]If you want to allow all origins use:
allowedOrigins = nullFollow the same for
allowedHttpMethodsThis is as per the documentation
To quote:
The allowed origins. If null, all origins are allowed.
allowedOrigins = nullHope this helps!
讨论(0) -
This will probably not solve the problem for the poster, but it solved the problem for me when I had the same symptoms, and I am posting it in case it can help others in the same situation.
I had actually misunderstood how CORS is working. I have two separate Play applications, one with a REST API and one with a web interface using the REST API. I followed the instructions in the documentation page mentioned in the question, but my mistake was that I did it on the web interface application. When I instead did it on the REST API application, it worked immediately.
讨论(0)
加载中...
- 热议问题