CORS issue with Tomcat and Android Webview

Question

I am facing a strange problem with Tomcat 8 and CORS. I am developing a Hybrid web app using ionicframework, AngularJS, Cordova as front end and Tomcat 8 and Spring 3 as back-en

Answer 1

There is an alternative solution by using a further CORS class, different from the one of Tomcat. You can find the Java class at CORS filter.

To install it, down the GITHUB file and unzip it. Create a new package in your Java project (call it "org.ebaysf.web.cors"). Copy the Java class "CORSFilter" into this package. Then, in web.xml of your project replace the old CORS section with this one:

    CORS Filter
    org.ebaysf.web.cors.CORSFilter
    
        cors.allowed.origins
        http://localhost,https://localhost,http://localhost:8100,https://localhost:8100,file://
    
    
        cors.allowed.methods
        GET,POST,HEAD,OPTIONS,PUT
    
    
        cors.allowed.headers
        Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization
    
    
        cors.exposed.headers
        Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Authorization
    
    
        cors.support.credentials
        true
    
    
        cors.preflight.maxage
        1800
    
    
        cors.logging.enabled
        true
    


    CORS Filter
    /rest/*

Have a closer look at my "cors.allowed.origins" parameter. You need this for IONIC. (Note: with this filter it is not allowed to use cors.allowed.origins = "*"). Adapt the "url-pattern" to your needs.

Hopefully, in a future Tomcat version, this work-around won't be needed anymore :-)