What is CORS
CORS (Cross-Origin Resource Sharing) allows or blocks cross-domain calls made by a web application to a different domain. By default you are not able to make Ajax calls to another domain. To enable them, the provider also needs to add certain headers that allow the requester's domain.
CORS Headers
Below are the headers required to implement CORS.
- Access-Control-Allow-Origin In this header we specify the domain from which we want to allow access, for example: example.com.
- Access-Control-Allow-Credentials This header specifies whether authorization details can be passed in a cross-domain request, for example: true/false.
- Access-Control-Max-Age We can use this header to specify how long to cache the preflight request details such as allowed methods and allowed headers. The value is given in seconds, and we can cache these details for a long time because they do not change frequently.
- Access-Control-Allow-Methods Here we specify the methods we want to allow for a request, for example: GET, POST, DELETE, OPTIONS, PATCH.
- Access-Control-Allow-Headers Here we specify the header names that are allowed in the request.
Java Filter Implementation
We will use a Java servlet filter to implement these CORS headers. The filter can be used in a Java web application alongside Spring, Struts or JSF, although those frameworks also have their own mechanisms for CORS. We use the "referer" request header here to get the requester's domain, and we allow the cross-domain call by putting that value in the response header. Below is the complete code for the filter class.
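```java
package com.ttj.web.cors;

import java.io.IOException;

// On Jakarta EE 9+ containers these imports are jakarta.servlet.* instead.
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CorsFilter implements Filter {

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Take the requester's address from the Referer header.
        String referer = request.getHeader("referer");
        if (referer != null && referer.length() > 1) {
            // Drop a trailing slash: "https://example.com/" -> "https://example.com".
            // A Referer that carries a path will not match the caller's origin.
            if (referer.endsWith("/")) {
                referer = referer.substring(0, referer.length() - 1);
            }
            // Echo the caller back, which allows any domain that calls us.
            response.addHeader("Access-Control-Allow-Origin", referer);
            response.addHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
            response.addHeader("Access-Control-Allow-Headers", "x-requested-with,Content-Type,Access-Control-Allow-Methods,Access-Control-Allow-Origin");
            response.addHeader("Access-Control-Max-Age", "86400"); // 24 hours
        }
        chain.doFilter(request, response);
    }
}
```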
Web config changes
We are ready with our filter code, and now we need to register it in the web configuration (web.xml). Below is the code for filter registration.

```xml
<filter>
    <filter-name>corsFilter</filter-name>
    <filter-class>com.ttj.web.cors.CorsFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>corsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

Now if you call the configured URLs using JavaScript/Ajax, the filter populates the required response headers to allow cross-domain access. Please note that the code shown here is configured to allow any domain. Because it echoes the caller back and also sends Access-Control-Allow-Credentials: true, every site is allowed to make credentialed calls. If you want to allow only specific domains, you can maintain a list of domains and check against it before setting the headers.