Results 1 to 2 of 2

Thread: CORS issue POST request (403 Forbidden) of App Android generated with Sencha CMD 6.5

  1. #1

    Default CORS issue POST request (403 Forbidden) of App Android generated with Sencha CMD 6.5

    Hi,

    I am desperate. I am trying to generated a app Android (Front-end) with Sencha CMD 6.5 that send requests to Tomcat Server (Back-end).

    The problem is the POST method , when App send the request in the header the "Origin" parameter is set to "file://" and the CORS of tomcat reject the request (Forbidden 403).

    HEADER

    Code:
    Accept: */*
    Accept-Encoding: gzip,deflate
    Accept-Language: en-US;q=0.9
    Connection: keep-aliv(e)
    Content-Length: 39
    Host: 192.168.1.91: 8080
    Origin: file: //
    Referer: -
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0(Linux;Android7.0;MI5Build/NRD90M;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/64.0.3282.137MobileSafari/537.36

    FILTER defined on tomcat 8.0 in web.xml

    Code:
    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
          <param-name>cors.allowed.origins</param-name>
          <param-value>*</param-value>
        </init-param>
         <init-param>
          <param-name>cors.allowed.methods</param-name>
          <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
        </init-param> 
        <init-param>
          <param-name>cors.allowed.headers</param-name>
          <param-value>Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
        </init-param>
         <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
        </init-param> 
        <init-param>
          <param-name>cors.support.credentials</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>cors.preflight.maxage</param-name>
          <param-value>10</param-value>
        </init-param>
     </filter>
    
     <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>


    The funny thing is that with the GET method not set anything in the Origin parameter and the Tomcat CORS accepts it.

    There are only two solutions:

    1.- Set the parameter Origin of header (
    I did not find anything in any forum, like this, like stackoverflow, etc.)
    2.- Modify CORS Filter of TOMCAT 8.
    (I did not find anything in any forum, like this, like stackoverflow, etc.)

    Please, can anybody help me? Thanks in advance

    Daniel

  2. #2

    Default

    The solution is use ContainerResponseFilter, instead of filter of tomcat.

    Code:
      import javax.ws.rs.ext.Provider;
        import javax.ws.rs.container.ContainerRequestContext;
        import javax.ws.rs.container.ContainerResponseContext;
        import javax.ws.rs.container.ContainerResponseFilter;
        import javax.ws.rs.core.MultivaluedMap;
        
        @Provider
        public class CORSResponseFilter implements ContainerResponseFilter {
        
        @Override
        public void filter(ContainerRequestContext creq, ContainerResponseContext cres) {
            
            MultivaluedMap<String, Object> headers = cres.getHeaders();
            headers.add("Access-Control-Allow-Origin", "*");
            headers.add("Access-Control-Allow-Headers", "Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
            headers.add("Access-Control-Allow-Credentials", "false");
            headers.add("Access-Control-Allow-Methods", "GET,POST,HEAD,OPTIONS,PUT");
            //headers.add("Access-Control-Max-Age", "10");
            }
        
        }
    I already tried this, in case someone thinks it would have worked with original filter:


    Code:
      <init-param>
              <param-name>cors.support.credentials</param-name>
              <param-value>false</param-value>
        </init-param>
    Welcome guys, I hope it help someone in the future.


    Daniel

Similar Threads

  1. Replies: 2
    Last Post: 28 Mar 2014, 5:03 PM
  2. Parse Error in installing Android APK generated from Sencha SDK
    By good_c_ryan_19 in forum Sencha Touch 2.x: Q&A
    Replies: 5
    Last Post: 12 Mar 2014, 10:47 AM
  3. Replies: 4
    Last Post: 27 Jan 2013, 7:58 AM
  4. Sending javascript array object through CORS POST request
    By indra00 in forum Sencha Touch 2.x: Q&A
    Replies: 3
    Last Post: 9 Nov 2012, 4:20 AM
  5. Ext.Ajax.request with CORS problem
    By Svinja in forum Sencha Touch 2.x: Q&A
    Replies: 3
    Last Post: 14 May 2012, 3:29 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •