Hello,
We have some issues with getting cors to work for requests within the 40x status code range. So we are curious if anyone else has gotten this to work perhaps? I think our very first question actually is if cors is meant to be on 40x requests or only on 20x requests? Now our actual web.xml looks as following: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>http://tomcat.example.com,https://example.com </param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,soapaction</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> If I would test this it actually works for all 200 requests: curl -i -H "Origin: https://tomcat.example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: Content-Type, soapaction" -X GET -i http://localhost:8080/lol/test /1.json HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Access-Control-Allow-Origin: https://tomcat.example.com Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials Cache-Control: public, max-age=10 However if I would do this on a requests that would generate a 404 requests it does not work: curl -i -H "Origin: https://tomcat.example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: Content-Type, soapaction" -X GET -i http://localhost:8080/lol/test /xxx.json HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Cache-Control: public, must-revalidate, max-age=10 Content-Type: application/json Content-Length: 128 Date: Fri, 20 May 2016 09:28:42 GMT What would we need to do to make it show those cors headers also on those 404 requests?, and this counts the same for any kind of 401 requests (401 as in application authentication not the tomcat authentication). We would applicate any feedback or arguments if we do this wrong. Thank you in advanced, //Sjir Bagmeijer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org