Installation
The CORS Filter can run in any
Java Servlet 3.0+
compatible web container, such as the popular open source
Apache Tomcat
server. Installation is a straightforward 3-step process.
Download the
cors-filter-.jar file and its
java-property-utils-.jar dependency,
and put them into the CLASSPATH
of your web server.
If you have Apache Tomcat there are two CLASSPATH
choices: If you intend to use CORS with a single web application
put the JAR file in
$CATALINA_HOME/webapps//WEB-INF/lib/
To make CORS available globally, to all web applications, place the JAR in
$CATALINA_HOME/lib/
Alternatively, if you use Maven to build your project WAR file,
add the following dependency to your pom.xml
com.thetransactioncompany
cors-filter
[ version ]
Open the WEB-INF/web.xml file of the web application where you
intend to enable CORS and add a CORS Filter
declaration
and mapping.
The XML declaration to load the CORS filter:
CORS
com.thetransactioncompany.cors.CORSFilter
To use a variant of the CORS Filter that can automatically detect
changes to the configuration file and reconfigure itself use
the following declaration instead:
CORS
com.thetransactioncompany.cors.autoreconf.AutoReconfigurableCORSFilter
Then declare a filter mapping to tell the web server which
servlets or URLs should be cross-domain-request enabled.
Example of applying the CORS filter to a single servlet:
CORS
MyServlet
And how to apply the CORS filter to all web app URLs:
CORS
/*
Have a look at the web.xml
of the demo CORS application included with the download package to see
a complete CORS filter declaration and mapping example.
Finally, remember to restart your web server for the installation to take effect.
Important note:
By default the CORS Filter will apply a "public access" CORS policy, allowing
all cross-site requests through (including credentials/cookies). Leaving
the CORS Filter at this setting would actually be fine for most situations
as CORS is not about adding server security; its primary intent is to protect the
browser - the legitimate JavaScript apps running in it and the user's confidential data,
such as cookies.
If you want to modify the default CORS Filter behaviour, proceed to
the configuration instructions.