在 Tomcat 中设置 CORS 标头 [英] Set CORS header in Tomcat

问题描述

我有一个由 Tomcat 托管的静态网站.

如何为我的网站设置标题，例如:Access-Control-Allow-Origin: *

它们都是静态文件，不是任何servlet应用程序.

解决方案

如果是静态站点，那么从 Tomcat 7.0.41 开始，您可以通过内置过滤器轻松控制 CORS 行为.

参考文献:

• (tomcat.apache.org/tomcat-8.0-doc/images/cors-flowchart.png)

  I had a static website hosted by Tomcat.

  How to set a header for my site like:Access-Control-Allow-Origin: *

  They are all static file, not any servlet application.

  解决方案

  If it's a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.

  References:

  • Tomcat 7
  • Tomcat 9

  Pretty much the only thing you have to do is edit the global web.xml in CATALINA_HOME/conf and add the filter definition:

       <!-- ================== Built In Filter Definitions ===================== -->
  
        ...
  
       <filter>
         <filter-name>CorsFilter</filter-name>
         <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
       </filter>
       <filter-mapping>
         <filter-name>CorsFilter</filter-name>
         <url-pattern>/*</url-pattern>
       </filter-mapping>
  
      <!-- ==================== Built In Filter Mappings ====================== -->
  
  

  Be aware, though, that Firefox does not like Access-Control-Allow-Origin: * and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.

  If you want to debugs requests in this situation, please be aware that CORS headers are only sent if there is a cross-origin request according to this flow-chart.

  (tomcat.apache.org/tomcat-8.0-doc/images/cors-flowchart.png)

  这篇关于在 Tomcat 中设置 CORS 标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！