Disable authentication for OPTIONS requests in Tomcat
I have an API protected by basic auth.
When I want to make AJAX requests against the API, the browser sends an OPTIONS request which doesn't carry the Authorization header, so it gets rejected and thus my AJAX call is not allowed by the browser.
I tried to configure Tomcat to not authenticate OPTIONS requests but I haven't managed to get it to work.
Can someone help me get it to work?
Thanks :)
tomcat authentication ajax cors
asked Oct 1 '15 at 9:37
OyoKooN
2 Answers
You must write a white list for your purpose.
For more info see: Disallowing HTTP methods on Tomcat is case sensitive?
edited Apr 13 '17 at 12:14
Community♦
answered Oct 1 '15 at 10:15
mohammad moeini
Hi, I don't see how this can help me with my issue.
– OyoKooN
Oct 1 '15 at 10:39
Maybe this answer will help. In short, we have to configure Tomcat server to forward the request to the CorsFilter even when unauthenticated, using something like this:

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <!-- no auth-constraint here -->
    </security-constraint>

Make sure you DON'T include the "auth-constraint" element. So, the following example will NOT WORK:

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <auth-constraint/><!-- this will prevent OPTIONS request -->
    </security-constraint>
answered Aug 17 '18 at 10:21
Mladen B.
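As an added example (not part of either answer above, and not the posters' own configuration): a `web.xml` fragment showing how the unauthenticated OPTIONS constraint from the second answer sits beside the Basic-auth constraint and Tomcat's `CorsFilter`. The origin `https://app.example.com`, the role `api-user`, the realm name and the resource names are placeholders chosen for illustration.

```xml
<!-- Added example for WEB-INF/web.xml; origin, role and realm names are placeholders. -->
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://app.example.com</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,PUT,DELETE,OPTIONS</param-value>
  </init-param>
  <init-param>
    <!-- Authorization must be listed so the preflight permits the Basic-auth header. -->
    <param-name>cors.allowed.headers</param-name>
    <param-value>Authorization,Content-Type,Accept,Origin</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Every method except OPTIONS requires an authenticated user in the role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>api</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method-omission>OPTIONS</http-method-omission>
  </web-resource-collection>
  <auth-constraint>
    <role-name>api-user</role-name>
  </auth-constraint>
</security-constraint>
<!-- OPTIONS only: no auth-constraint, so the preflight reaches CorsFilter unauthenticated. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>cors-preflight</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>api</realm-name>
</login-config>
<security-role>
  <role-name>api-user</role-name>
</security-role>
```

With this layout every OPTIONS request reaches the application without credentials, not only CORS preflights, so the application's own OPTIONS handling should return nothing sensitive.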