CORS Filter

Configuration

The CORS Filter can be run with no additional configuration in most situations. By default it operates in public mode, informing the browser that:

If the default public CORS mode doesn't satisfy your requirements, you can override it by specifying your own configuration. Two configuration formats are supported:

  1. A Java properties text file;
  2. Filter init-params specified in the WEB-INF/web.xml descriptor of the web application.

The CORS Filter applies the following precedence when resolving the configuration properties:

  1. Checks for a cors.configurationFile system property and if set loads the CORS Filter properties file from the referenced location (must be relative to the web application root directory, e.g. /WEB-INF/cors.properties, relative to the classpath, or an absolute file path). Omitted configuration properties are given a sensible default value.
  2. Checks for a filter init-param cors.configurationFile and if set loads the CORS Filter properties file from the referenced location (must be relative to the web application root directory, e.g. /WEB-INF/cors.properties, relative to the classpath, or an absolute file path). Omitted configuration properties are given a sensible defaultvalue.
  3. Checks for CORS configuration properties in the filter init-params section. Omitted configuration properties are given a default value.
  4. Finally, a Java system property matching a CORS configuration property name has ultimate preference.

For example, here is a web.xml snippet to allow CORS requests from the http://example.com origin only:

<filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

        <init-param>
                <param-name>cors.allowOrigin</param-name>
                <param-value>http://example.com</param-value>
        </init-param>
</filter>

Or as an external properties file, referenced by the cors.configurationFile environment variable or filter init-param:

cors.allowOrigin = http://example.com

Look at the web.xml of the demo CORS application included with the download package to see a complete CORS filter declaration, configuration and mapping example.

Configuration parameters

This is a description of the CORS Filter configuration properties.

Remember to restart your web application or server after changing the CORS configuration!