CORS error in Apache Tomcat – Solved

June 23, 2021

Gokul Deepak S

Error: Access to XMLHttpRequest at ‘http://10.12.13.39:8080/content/fetchAllcontent/1/Books/Philosophy’ from origin ‘http://localhost’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Solution: Add the below code in /opt/tomcat/conf/web.xml you can replace * in cors.allowed.origins with the domain you want eg: gokuldeepak.com

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern> /* </url-pattern>
</filter-mapping>

About the author

Gokul Deepak is a DevOps engineer focused on building reliable cloud systems through automation, observability, and disciplined infrastructure design. He shares practical insights from real-world production environments, helping engineers build systems that scale with clarity and confidence.

Leave a Reply

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Reach out to GokulDeepak through comments.

Contact Us

GokulDeepak

© Gokul Deepak

Privacy Policy Terms of Service