OPTIONS request for cross domain recovery using CORS

Question

OPTIONS request for cross domain recovery using CORS

On the client side, I use Ajax.post (jquery 1.5) with json. On the server side, I use rest restaasy-jaxrs-2.0.1.GA. I found somewhere that I should add a couple of headers to the server response, and I did with the following filter:

public void doFilter( ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { MyServletRequestWrapper httpReq = new MyServletRequestWrapper((HttpServletRequest)req); HttpServletResponse httpRes = (HttpServletResponse)res; HttpSession session = httpReq.getSession(); httpRes.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*"); httpRes.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); if (((HttpServletRequest) req).getMethod().equals("OPTIONS")){ httpRes.addHeader(ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, OPTIONS, PUT, DELETE"); httpRes.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, "content-type, x-requested-with, x-requested-by"); } filterChain.doFilter(httpReq, httpRes); }

It works great because every GET response is added over the headers. The problem occurs when I want to use a POST request. When I use Ajax.post, the server first receives the OPTIONS request, and I have the following error:

Failed executing OPTIONS [REST_PATH] org.jboss.resteasy.spi.DefaultOptionsMethodException: No resource method found for options, return OK with Allow header

To solve the error described above, I tried to add the invoke method with the same path as POST ([REST_PATH]), but with the @OPTION annotation. In this case, javac told me that the character: OPTIONS of the class cannot be found, even there is OPTION.class in the attached jaxrs library.

Any ideas to fix this? I would really appreciate any tips.

+4

rest xmlhttprequest http-options-method

user1039359 Nov 10 '11 at 9:25

source share

4 answers

Mariusz · Answer 1 · 2013-04-06T20:19:26+0000

This question is pretty old, but as a reference for others with similar problems - just recently I came across a good "CORS filter" that you might want to consider. It is just a matter of adding the following lines to your web.xml and it works like a charm.

 <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS</filter-name> <servlet-name>MyServletNameGoesHere</servlet-name> </filter-mapping>

and maven dependency:

 <dependency> <groupId>com.thetransactioncompany</groupId> <artifactId>cors-filter</artifactId> <version>1.5.1</version> </dependency>

otonglet · Answer 2 · 2017-08-10T13:53:34+0000

When I tried to call my service with an Angular 2 client, RestEasy responded to preview requests with an HTTP status of 500 and the following error.

RESTEASY003655: resource method not found for parameters, return OK with the Allow header

I tried RestEasy CorsFilter , but I would like to offer a simple alternative. What if you do not want to write code that handles the OPTIONS call for each of your endpoints?

I applied a simple filter that:

Applies the CORS header you need for the response.
Returns the HTTP 200 status code when the endpoint is called using the OPTIONS method. You inform the customer that their pre-sale CORS requests have been accepted.

Here is the code. Feel free to refine the filter if you want to send back 200 when requesting a "real" endpoint.

 @Provider public class CorsFilter implements ContainerResponseFilter { @Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { MultivaluedMap<String, Object> headers = responseContext.getHeaders(); headers.add("Access-Control-Allow-Origin", "*"); // If you want to be more restrictive it could be localhost:4200 headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, OPTIONS"); // You can add HEAD, DELETE, TRACE, PATCH headers.add("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept, Accept-Language"); // You can add many more if (requestContext.getMethod().equals("OPTIONS")) responseContext.setStatus(200); }}

Make sure you understand CORS .

Paulb · Answer 3 · 2014-10-09T08:44:16+0000

A CORS filter can be great. I would like to indicate how you wrote: “In order to solve the above error, I tried to add the invoke method with the same path as POST ([REST_PATH]) but with the @OPTION annotation. In this case, javac told me that this character : class OPTIONS may not have been found "that you had a typo instead of @OPTION S , you wrote @OPTION without S :)

gba · Answer 4 · 2015-01-22T17:39:32+0000

Tomcat has a built-in CORS filter. http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

 <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

OPTIONS request for cross domain recovery using CORS

More articles: