Hi All
I am facing a strange problem with Tomcat 8 and CORS. I am developing a Hybrid web app using ionicframework, AngularJS, Cordova as front end and Tomcat 8 and Spring 3 as back-end. For easy development I am testing the functionality in chrome , where things are working fine. I added CORS filter with standard configuration to allow CROSS ORIGIN requests from browser. Today I converted my app into Android App and started making AJAX calls to tomcat server. To my surprise things stopped working . I debugged further and anomalies in the headers of browser and Android webview. Browser sends 2 requests for same call OPTION and POST. But Android Webview only send POST request. Browser Request Headers: OPTION: Remote Address:54.254.159.166:80 Request URL:http://medistreet.in/auth2 Request Method:OPTIONS Status Code:200 OK Request Headers OPTIONS /auth2 HTTP/1.1 Host: medistreet.in Connection: keep-alive Access-Control-Request-Method: POST Origin: http://localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Access-Control-Request-Headers: accept, content-type Accept: */* Referer: http://localhost/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 POST: Remote Address:54.254.159.166:80 Request URL:http://medistreet.in/auth2 Request Method:POST Status Code:200 OK Request Headers Accept:application/json, text/plain, */* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Connection:keep-alive Content-Length:39 Content-Type:application/json;charset=UTF-8 Host:medistreet.in Origin:http://localhost Referer:http://localhost/ User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Android Request Headers: Request URL:http://medistreet.in/auth2 Request Method:POST Status Code:403 Forbidden Request Headers POST http://medistreet.in/auth2 HTTP/1.1<http://medistreet.in/auth2%20HTTP/1.1> Accept: application/json, text/plain, */* Origin: file:// <file:///\\> User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36 Content-Type: application/json;charset=UTF-8 The difference here I see is with Number of headers and specially Origin Header which contains "file:// <file:///\\>". To overcome this I added more option is CORS filter: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Another strange thing is that when we send the same Android request Headers from POSTMAN (chrome REST plugin) request is successful. POSTMAN Headers: Remote Address:54.254.159.166:80 Request URL:http://medistreet.in/auth2 Request Method:POST Status Code:200 OK Request Headers Accept:application/json, text/plain, */* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Cache-Control:no-cache Connection:keep-alive Content-Length:39 Content-Type:application/json;charset=UTF-8 Cookie:fbm_464284963672217=base_domain=.medistreet.in; JSESSIONID=87435755F03D7B045DD6E33D1D16AC51; fbsr_464284963672217=dUjASqF-nWquTFPk_-5wAtI0jTImBNkVxglUT-gHNSw.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUQ0UEZZVXE4eDFIa3V6OW9RV3RlVzE4clQ3SmtVRjBzU1VVcXhfV1BENG8tV1BZYjZuTVdDdDJGMmw4TjJUeUxLSzhIYUU1TUc2MkY5cXZOaXRMN3NGdklNZkhySmluYkdjMWs1THAyZnZYa2Zpa1lLVGJ0OWlZeXVvRDNWUDhTblp4czJCeTQ4RTlYY1ZjUmhGWGJsNnFMeG5YcWxxQ0d3b0hRM1ctRWhlLU02ejVITnhhakJtaVFRVk9PanFBVUtMSlk4Y3pLa0RtejFSY3RjTEFRaW16X1lkLUFkUngxUGwzajVNczdWOFdiMW9xeC05QjA0T2xraXktVU9ZalpSRUJsZjhibnZjQXQ2aUZTc1d2QTA3TjVUYnFIekVxQ0JIYjJNRG4tSUJhajl6TEMwQlVpckM0YzJXbC1GVDNhcyIsImlzc3VlZF9hdCI6MTM5ODE4MDg2NCwidXNlcl9pZCI6IjU3NjI1MjI2MiJ9 Host:medistreet.in Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 After this also there is no solution to the problem . I suspect that Android Webview is not sending something which Tomcat is rejecting. Any help will highly be appreciated. Regards Ankit