Also we tried to give the same call from Android App to some different Node server and things worked fine. So it seems some problem with Tomcat only.
On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal <ankising...@gmail.com>wrote: > Hi All > > > > I am facing a strange problem with Tomcat 8 and CORS. I am developing a > Hybrid web app using ionicframework, AngularJS, Cordova as front end and > Tomcat 8 and Spring 3 as back-end. > > > > For easy development I am testing the functionality in chrome , where > things are working fine. I added CORS filter with standard configuration to > allow CROSS ORIGIN requests from browser. > > > > Today I converted my app into Android App and started making AJAX calls to > tomcat server. To my surprise things stopped working . I debugged further > and anomalies in the headers of browser and Android webview. > > > > Browser sends 2 requests for same call OPTION and POST. But Android > Webview only send POST request. > > > > Browser Request Headers: > > > > OPTION: > > Remote Address:54.254.159.166:80 > > Request URL:http://medistreet.in/auth2 > > Request Method:OPTIONS > > Status Code:200 OK > > Request Headers > > OPTIONS /auth2 HTTP/1.1 > > Host: medistreet.in > > Connection: keep-alive > > Access-Control-Request-Method: POST > > Origin: http://localhost > > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/34.0.1847.116 Safari/537.36 > > Access-Control-Request-Headers: accept, content-type > > Accept: */* > > Referer: http://localhost/ > > Accept-Encoding: gzip,deflate,sdch > > Accept-Language: en-US,en;q=0.8 > > > > > > POST: > > > > Remote Address:54.254.159.166:80 > > Request URL:http://medistreet.in/auth2 > > Request Method:POST > > Status Code:200 OK > > > > Request Headers > > Accept:application/json, text/plain, */* > > Accept-Encoding:gzip,deflate,sdch > > Accept-Language:en-US,en;q=0.8 > > Connection:keep-alive > > Content-Length:39 > > Content-Type:application/json;charset=UTF-8 > > Host:medistreet.in > > Origin:http://localhost > > Referer:http://localhost/ > > User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/34.0.1847.116 Safari/537.36 > > > > > > Android Request Headers: > > > > Request URL:http://medistreet.in/auth2 > > Request Method:POST > > Status Code:403 Forbidden > > Request Headers > > POST http://medistreet.in/auth2 > HTTP/1.1<http://medistreet.in/auth2%20HTTP/1.1> > > Accept: application/json, text/plain, */* > > Origin: file:// > > User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31) > AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile > Safari/537.36 > > Content-Type: application/json;charset=UTF-8 > > > > > > The difference here I see is with Number of headers and specially Origin > Header which contains "file://". To overcome this I added more option > is CORS filter: > > > > <filter> > > <filter-name>CorsFilter</filter-name> > > <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> > > <init-param> > > <param-name>cors.allowed.origins</param-name> > > <param-value>*</param-value> > > </init-param> > > </filter> > > <filter-mapping> > > <filter-name>CorsFilter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > Another strange thing is that when we send the same Android request > Headers from POSTMAN (chrome REST plugin) request is successful. > > > > POSTMAN Headers: > > > > Remote Address:54.254.159.166:80 > > Request URL:http://medistreet.in/auth2 > > Request Method:POST > > Status Code:200 OK > > Request Headers > > Accept:application/json, text/plain, */* > > Accept-Encoding:gzip,deflate,sdch > > Accept-Language:en-US,en;q=0.8 > > Cache-Control:no-cache > > Connection:keep-alive > > Content-Length:39 > > Content-Type:application/json;charset=UTF-8 > > Cookie:fbm_464284963672217=base_domain=.medistreet.in; > JSESSIONID=87435755F03D7B045DD6E33D1D16AC51; > fbsr_464284963672217=dUjASqF-nWquTFPk_-5wAtI0jTImBNkVxglUT-gHNSw.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUQ0UEZZVXE4eDFIa3V6OW9RV3RlVzE4clQ3SmtVRjBzU1VVcXhfV1BENG8tV1BZYjZuTVdDdDJGMmw4TjJUeUxLSzhIYUU1TUc2MkY5cXZOaXRMN3NGdklNZkhySmluYkdjMWs1THAyZnZYa2Zpa1lLVGJ0OWlZeXVvRDNWUDhTblp4czJCeTQ4RTlYY1ZjUmhGWGJsNnFMeG5YcWxxQ0d3b0hRM1ctRWhlLU02ejVITnhhakJtaVFRVk9PanFBVUtMSlk4Y3pLa0RtejFSY3RjTEFRaW16X1lkLUFkUngxUGwzajVNczdWOFdiMW9xeC05QjA0T2xraXktVU9ZalpSRUJsZjhibnZjQXQ2aUZTc1d2QTA3TjVUYnFIekVxQ0JIYjJNRG4tSUJhajl6TEMwQlVpckM0YzJXbC1GVDNhcyIsImlzc3VlZF9hdCI6MTM5ODE4MDg2NCwidXNlcl9pZCI6IjU3NjI1MjI2MiJ9 > > Host:medistreet.in > > Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm > > User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/34.0.1847.116 Safari/537.36 > > > > > > After this also there is no solution to the problem . I suspect that > Android Webview is not sending something which Tomcat is rejecting. > > > > Any help will highly be appreciated. > > > Regards > > Ankit > > >
