CORS Filter
Installation
The CORS Filter can run in any Java Servlet 2.5+ compatible web container, such as the popular open source Apache Tomcat server. Installation is a straightforward 3-step process.
1. Unzip
Unzip the downloaded CORS Filter package.
unzip CORSFilter.zip
2. Place the CORS JAR file in the CLASSPATH
Locate the cors-filter-<version>.jar file and put it into the CLASSPATH of your web server.
cors-filter-1.0.jar
If you have Apache Tomcat there are two CLASSPATH choices:
If you intend to use CORS with a single web application, put the JAR file in
$CATALINA_HOME/webapps/<your-web-app>/WEB-INF/lib/
To make CORS available globally, to all web applications, place the JAR in
$CATALINA_HOME/lib/
3. Add CORS configuration to web.xml
Open the WEB-INF/web.xml file of the web application where you intend to enable CORS and add a CORS Filter declaration and mapping.
The XML declaration to load the CORS filter:
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
Then declare a filter mapping to tell the web server which servlets or URLs should be cross-domain-request enabled.
Example of applying the CORS filter to a single servlet:
<filter-mapping>
<filter-name>CORS</filter-name>
<servlet-name>MyServlet</servlet-name>
</filter-mapping>
And how to apply the CORS filter to all web app URLs:
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Have a look at the web.xml of the demo CORS application included with the download package to see a complete CORS filter declaration and mapping example.
Finally, remember to restart your web server for the installation to take effect.
Important note: By default the CORS Filter will apply a "public access" CORS policy, allowing all cross-site requests through (including credentials/cookies). Leaving the CORS Filter at this setting would actually be fine for most situations as CORS is not about adding server security; its primary intent is to protect the browser - the legitimate JavaScript apps running in it and the user's confidential data, such as cookies.
If you want to modify the default CORS Filter behaviour, proceed to the configuration instructions.
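To see where the default policy from the Important note is in effect, the following added example (not part of the CORS Filter package or its documentation) parses a web.xml and reports each CORS Filter declaration, what it is mapped to, and whether it still runs with the default policy. It assumes the init-param names cors.allowOrigin and cors.supportsCredentials from the filter's configuration instructions, which this page does not list, and treats an absent parameter as the default described above.

```python
import xml.etree.ElementTree as ET

CORS_CLASS = "com.thetransactioncompany.cors.CORSFilter"  # filter class named on the page

def _local(tag):
    # Drop any XML namespace so namespaced and plain web.xml files parse alike.
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else None

def audit_cors(web_xml):
    """Return one finding per CORS Filter declaration in a web.xml string."""
    root = ET.fromstring(web_xml)
    findings = []
    for flt in _children(root, "filter"):
        if _text(flt, "filter-class") != CORS_CLASS:
            continue
        name = _text(flt, "filter-name")
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _children(flt, "init-param")}
        # Collect every URL pattern or servlet this filter is mapped to.
        targets = [c.text.strip()
                   for m in _children(root, "filter-mapping")
                   if _text(m, "filter-name") == name
                   for c in m
                   if _local(c.tag) in ("url-pattern", "servlet-name") and c.text]
        # Assumption: an absent parameter means any origin, credentials allowed.
        origins = (params.get("cors.allowOrigin") or "*").split()
        creds = (params.get("cors.supportsCredentials") or "true").lower() == "true"
        findings.append({"filter": name, "targets": targets, "origins": origins,
                         "credentials": creds, "public_access": origins == ["*"]})
    return findings

# Constructed sample: the declaration and /* mapping from the page, no init-params.
SAMPLE_DEFAULT = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<filter><filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class></filter>
<filter-mapping><filter-name>CORS</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    for finding in audit_cors(SAMPLE_DEFAULT):
        print(finding)
```

A finding with both public_access and credentials set to true marks URLs that any origin can reach with the user's cookies attached, so each one should be a deliberate choice for an authenticated application.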