Origin is not allowed by Access-Control-Allow-Origin - how to enable CORS using a very simple web stack and guice

前端 未结 3 2051
北海茫月
北海茫月 2020-12-14 22:21

I am not sure if the issue is the technologies involved, or my understanding of the technologies.

I have an html5 application written in javascript and html hosted o

相关标签:
3条回答
  • 2020-12-14 22:36

    Adding this to your httpServletResponse at java side i.e. at server side code will fix the issue.

     httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
     httpServletResponse.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
     httpServletResponse.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
     httpServletResponse.addHeader("Access-Control-Max-Age", "1728000");
    
    0 讨论(0)
  • 2020-12-14 22:40

    Just put one line in your code file

    response.addHeader("Access-Control-Allow-Origin", "*");

    Replace * with your http://www.yoursite.com if you want to allow only for particular domain

    0 讨论(0)
  • 2020-12-14 22:47

    Do to the specific requirements of my application. The server needs to be seporate completly seporate from the client. The client should be able to connect to the communication server via any method it can.

    Since the first implementation of this application is going to be REST driven, I need to be able to accept rest from anywhere.

    In addition, I want a completly xml-less config, so I use Guice with an imbedded Jetty server. Since I do not have a web.xml file, I could not figure out how to set the headers to allow CORS.

    After alot of trial and error, and reading the guice documentation, I found how to add the CORS headers to the response leaving the server.

    The Guice ServletModule class allows you to add filters to your servlet context. This allows me to have all requests pass through a given servlet.

    Since I am trying to build a rest application that responds to CORS requests, i needed a filter that added the cors headers to the response of any request.

    So to enable cors in my embedded server using guice I built a filter that looks like this:

    @Singleton
    public class CorsFilter implements Filter{
    
        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain filterChain) throws IOException, ServletException {
    
            if(response instanceof HttpServletResponse){
            HttpServletResponse alteredResponse = ((HttpServletResponse)response);
            addCorsHeader(alteredResponse);
        }
    
        filterChain.doFilter(request, response);
        }
    
        private void addCorsHeader(HttpServletResponse response){
            //TODO: externalize the Allow-Origin
            response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
            response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
            response.addHeader("Access-Control-Max-Age", "1728000");
        }
    
        @Override
        public void destroy() {}
    
        @Override
        public void init(FilterConfig filterConfig)throws ServletException{}
    }
    

    Guice provides an abstract class that allows you to configure the Guice Servlet.

    The configuration module looks like this:

    public class RestModule extends ServletModule{
    
        @Override
        protected void configureServlets() {
            bind(MyServiceClass.class);
    
            // hook Jersey into Guice Servlet
            bind(GuiceContainer.class);
    
            // hook Jackson into Jersey as the POJO <-> JSON mapper
            bind(JacksonJsonProvider.class).in(Scopes.SINGLETON);
    
            Map<String, String> guiceContainerConfig = new HashMap<String, String>();
    
            serve("/*").with(GuiceContainer.class, guiceContainerConfig);
    
            filter("/*").through(CorsFilter.class);
        }
    }
    

    Now guice will add cors headers to every response. Allowing my pure HTML 5 application to talk to it, no matter where it is being served.

    0 讨论(0)
提交回复
热议问题