在 Tomcat 中设置 CORS 标头 [英] Set CORS header in Tomcat
问题描述
我有一个由 Tomcat 托管的静态网站.
如何为我的网站设置标题,例如:Access-Control-Allow-Origin: *
它们都是静态文件,不是任何servlet应用程序.
如果是静态站点,那么从 Tomcat 7.0.41 开始,您可以通过内置过滤器轻松控制 CORS 行为.
参考文献:
(tomcat.apache.org/tomcat-8.0-doc/images/cors-flowchart.png)
I had a static website hosted by Tomcat.
How to set a header for my site like:
Access-Control-Allow-Origin: *
They are all static file, not any servlet application.
解决方案If it's a static site, then starting with Tomcat 7.0.41, you can easily control CORS behavior via a built-in filter.
References:
Pretty much the only thing you have to do is edit the global
web.xml
inCATALINA_HOME/conf
and add the filter definition:<!-- ================== Built In Filter Definitions ===================== --> ... <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- ==================== Built In Filter Mappings ====================== -->
Be aware, though, that Firefox does not like
Access-Control-Allow-Origin: *
and requests with credentials (cookies): when responding to a credentialed request, server must specify a domain, and cannot use wild carding.If you want to debugs requests in this situation, please be aware that CORS headers are only sent if there is a cross-origin request according to this flow-chart.
(tomcat.apache.org/tomcat-8.0-doc/images/cors-flowchart.png)
这篇关于在 Tomcat 中设置 CORS 标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!