Preflight OPTIONS request to SOAP service does not work

问题

What I want to do: Call a cross-domain SOAP-Service from JavaScript using jQuery with the jQuery Soap plugin (by Remy Blom). (that is, I call $.soap(); in JavaScript)

What I did: CORS Setting on the server side (CXF) are working (using the org.eclipse.jetty.servlets.CrossOriginFilter), so the following is present in the answer:

Access-Control-Allow-Head...    X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Meth...    GET,POST,OPTIONS,HEAD
Access-Control-Allow-Orig...    http://localhost:8082
Content-Type                    application/soap+xml;charset=UTF-8

What is missing: Firefox and Chrome send preflight OPTIONS requests prior to the POST request for the SOAP call. Obviously SOAP does not allow the OPTIONS verb.

It does not work with SoapUI (5.0) as well as CXF (2.7.7). It is even stated in a comment in org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor line 130ff:

/*
 * Reject OPTIONS, and any other noise that is not allowed in SOAP.
 */

So, my question is: How can I modify my SOAP servcie implementation (using CXF), such that the OPTIONS request returns successfully?

回答1:

Even if it's a little bit late, I had the same problem recently and maybe it will help future travelers.

In the case of an OPTIONS request you may not continue with the FilterChain. I created a simple CORSFilter, which looks like this:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*

public class CORSFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        resp.addHeader("Access-Control-Allow-Origin", "*");
        resp.addHeader("Access-Control-Allow-Methods", "GET, POST");
        resp.addHeader("Access-Control-Allow-Headers", req.getHeader("Access-Control-Request-Headers"));

        if (!req.getMethod().equalsIgnoreCase("OPTIONS")) {
            chain.doFilter(request, response)
        }
    }

    @Override
    public void destroy() {}
}

And I added the following to my web.xml:

<filter>
    <filter-name>CORSFilter</filter-name>
    <filter-class>CORSFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CORSFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
</filter-mapping>

来源：https://stackoverflow.com/questions/28451459/preflight-options-request-to-soap-service-does-not-work