CORS JAVA (ERROR)

Question

CORS JAVA (ERROR)

Asked 7 years, 5 months ago

Viewed 2,148 times

3

I’m trying to connect to an API that was made in Java, but always error when trying to connect (I want to feed a mobile application, made in JS/Cordova).

When connecting (via Browser) I can, the API returns and everything works normal, but when I install the app on mobile, error 401. I’ve talked to a lot of people, and it seems to be a CORS error. The problem is that the API was not I who developed, so I asked for the code that releases the CORS before coming here. and he passed me this here.

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern> /* </url-pattern>
</filter-mapping>

Can anyone tell me if it’s right? or what’s the best way to do it?

So Rafael, a while ago I had a similar problem with an API, basically CORS is an authorization that defines who is authorized to consume data from the API, take a look at this [https://stackoverflow.com/questions/16296145/set-cors-header-in-tomcat/18850438#18850438]as the headers of your request are defined ?

– Caio

2017/06/08 at 19:43
From your comment on the Luks Sys response you don’t have access to the server. The code that he gave you is a Tomcat server configuration. You need to change your app to include CORS headers in the calls to the api.

– Grasshopper

2017/06/12 at 13:22
Another thing that strikes you is that problems with CORS only occur when you have a page loaded from a host wanting to make Ajax calls to another host. On mobile this should not happen because your calls do not run in a browser :).

– Grasshopper

2017/06/12 at 13:27
@Grasshopper did not understand very well, but yes, when I run in the Browser the API returns correctly, when I build and will run in the app I have this problem, the app is being done using Cordova + F7. is the first time I have this problem, all other projects (with another back), works perfectly.

– Rafael Augusto

2017/06/12 at 14:37
@Rafaelaugusto 401 is not error of CORS

– Denis Rudnei de Souza

2017/06/13 at 23:26
@Rafaelaugusto puts the code where you call the API

– Denis Rudnei de Souza

2017/06/13 at 23:32
Fortunately I ended up remaking the Back-End in Nodejs, all the information that went over I passed to the other developer and unfortunately he could not solve, but I thank everyone who tried to help me.

– Rafael Augusto

2017/06/15 at 22:44

Show 2 more comments

2 answers

3

A filter to release the CORS would be something like:

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
    chain.doFilter(req, response);
}

Since he’s using Apache Corsfilter, I think there’s something missing.

It would be something like:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
       <param-name>cors.exposed.headers</param-name>
       <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>cors.preflight.maxage</param-name>
        <param-value>10</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Source: Using CORS Headers with JAVA

I’ll delete my comment later, but add this to your reply please: 1 - Corsfilter is a feature provided by Tomcat from version 7 (in this case, to leave the app portable, it would be better if he chose the first approach).

– wryel

2017/06/08 at 22:17

Browser other questions tagged java api cors

You are not signed in. Login or sign up in order to post.

by LuKs Sys • **1,658** points · Answer 1 · 2017-06-09T14:00:10+00:00

1

From what I understand probably you are creating an application made with Ionic and debugging the app by Chrome. If this is your scenario there is an alternative that easily solves your problem just by installing a plugin. CORS plugin : https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi

Just install and activate the plugin and you will no longer have problems. I hope to have helped

The question is not to debug, debuggar I can, the question is when I run on mobile, then I have problem with CORS. When I test the app by the browser, it runs good, after the return of the API straight. but when I run by cell phone I will debuggar using Chrome, it from CORS error.

– Rafael Augusto

2017/06/09 at 15:39
The server and your mobile phone are on the same network?

– LuKs Sys

2017/06/09 at 18:07
Server? I build, I build the APK, the server where the API is, is hosted, I just consume it. As I said, in Chorme it works (I have not tested in other browsers), but in mobile, already of the error of face, ai como do de Debugger pelo proprio Chorme (Android) or Safari (IOS). I can see Network errors. And on both platforms, it generates the same error.

– Rafael Augusto

2017/06/09 at 19:23