Re: CORS issue with Tomcat and Android Webview

Tue, 22 Apr 2014 11:14:24 -0700 

On 4/22/2014 11:03 AM, Ankit Singhal wrote:

Also we tried to give the same call from Android App to some different Node
server and things worked fine. So it seems some problem with Tomcat only.


On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal <ankising...@gmail.com>wrote:


Hi All



I am facing a strange problem with Tomcat 8 and CORS. I am developing a
Hybrid web app using ionicframework, AngularJS, Cordova as front end and
Tomcat 8 and Spring 3 as back-end.



For easy development I am testing the functionality in chrome , where
things are working fine. I added CORS filter with standard configuration to
allow CROSS ORIGIN requests from browser.



Today I converted my app into Android App and started making AJAX calls to
tomcat server. To my surprise things stopped working . I debugged further
and anomalies in the headers of browser and Android webview.



Browser sends 2 requests for same call OPTION and POST. But Android
Webview only send POST request.



Browser Request Headers:



OPTION:

Remote Address:54.254.159.166:80

Request URL:http://medistreet.in/auth2

Request Method:OPTIONS

Status Code:200 OK

Request Headers

OPTIONS /auth2 HTTP/1.1

Host: medistreet.in

Connection: keep-alive

Access-Control-Request-Method: POST

Origin: http://localhost

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/34.0.1847.116 Safari/537.36

Access-Control-Request-Headers: accept, content-type

Accept: */*

Referer: http://localhost/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8





POST:



Remote Address:54.254.159.166:80

Request URL:http://medistreet.in/auth2

Request Method:POST

Status Code:200 OK



Request Headers

Accept:application/json, text/plain, */*

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8

Connection:keep-alive

Content-Length:39

Content-Type:application/json;charset=UTF-8

Host:medistreet.in

Origin:http://localhost

Referer:http://localhost/

User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/34.0.1847.116 Safari/537.36





Android Request Headers:



Request URL:http://medistreet.in/auth2

Request Method:POST

Status Code:403 Forbidden

Request Headers

POST http://medistreet.in/auth2 HTTP/1.1<http://medistreet.in/auth2%20HTTP/1.1>

Accept: application/json, text/plain, */*

Origin: file://

User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31)
AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile
Safari/537.36

Content-Type: application/json;charset=UTF-8





The difference here I see is with Number of headers and specially Origin
Header  which contains "file://". To overcome this I added  more option
is CORS filter:



<filter>

<filter-name>CorsFilter</filter-name>

<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

<init-param>

<param-name>cors.allowed.origins</param-name>

<param-value>*</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>CorsFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>



Another strange thing is that when we send the same Android request
Headers from POSTMAN (chrome REST plugin) request is successful.



POSTMAN Headers:



Remote Address:54.254.159.166:80

Request URL:http://medistreet.in/auth2

Request Method:POST

Status Code:200 OK

Request Headers

Accept:application/json, text/plain, */*

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8

Cache-Control:no-cache

Connection:keep-alive

Content-Length:39

Content-Type:application/json;charset=UTF-8

Cookie:fbm_464284963672217=base_domain=.medistreet.in;
JSESSIONID=87435755F03D7B045DD6E33D1D16AC51;
fbsr_464284963672217=dUjASqF-nWquTFPk_-5wAtI0jTImBNkVxglUT-gHNSw.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUQ0UEZZVXE4eDFIa3V6OW9RV3RlVzE4clQ3SmtVRjBzU1VVcXhfV1BENG8tV1BZYjZuTVdDdDJGMmw4TjJUeUxLSzhIYUU1TUc2MkY5cXZOaXRMN3NGdklNZkhySmluYkdjMWs1THAyZnZYa2Zpa1lLVGJ0OWlZeXVvRDNWUDhTblp4czJCeTQ4RTlYY1ZjUmhGWGJsNnFMeG5YcWxxQ0d3b0hRM1ctRWhlLU02ejVITnhhakJtaVFRVk9PanFBVUtMSlk4Y3pLa0RtejFSY3RjTEFRaW16X1lkLUFkUngxUGwzajVNczdWOFdiMW9xeC05QjA0T2xraXktVU9ZalpSRUJsZjhibnZjQXQ2aUZTc1d2QTA3TjVUYnFIekVxQ0JIYjJNRG4tSUJhajl6TEMwQlVpckM0YzJXbC1GVDNhcyIsImlzc3VlZF9hdCI6MTM5ODE4MDg2NCwidXNlcl9pZCI6IjU3NjI1MjI2MiJ9

Host:medistreet.in

Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm

User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/34.0.1847.116 Safari/537.36





After this also there is no solution to the problem .  I suspect that
Android Webview is not sending something which Tomcat is rejecting.



Any help will highly be appreciated.


Regards

Ankit



Hi, Ankit-
I would double-check the documentation for the Tomcat CORS filter and the Cordova whitelist implementation: 

https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
http://docs.phonegap.com/en/3.4.0/guide_appdev_whitelist_index.md.html

Hope that helps.

-Terence Bandoian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to