All,
I have a react, nodejs, frontend , https://app.mysite.com.
I pass info to my Java app on Tomcat at https://api.mysite.com. I have added the following into my app on TC web.xml.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://app.mysite.com</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
However I am still getting the following error:
Access to fetch at 'https://api.mysite.com'
from origin 'https://app.mysite.com' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
To add additional details, I have used an ALB to get the UI up and running.
Do I need to add the ALB to the parameter list?
Do I need to add the IP's? I am not sure what the TC is expecting as it appears I have what I need listed.
Is there a log somewhere on AWS where I can see where the fetch is actually originating?
Thanks for any help in this.
Here is additional info if it will help:
Request URL:
https://api.mysite.com
Request Method:
POST
Status Code:
403 Forbidden
Referrer Policy:
strict-origin-when-cross-origin
Connection:
keep-alive
Content-Type:
text/plain
Date:
Sat, 07 Oct 2023 20:08:20 GMT
Keep-Alive:
timeout=60
Transfer-Encoding:
chunked
Accept:
/
Accept-Encoding:
gzip, deflate, br
Accept-Language:
en-US,en;q=0.9
Connection:
keep-alive
Content-Length:
0
Dnt:
1
Host: api.mysite.com
Origin: https://app.mysite.com
Referer: https://app.mysite.com/
Sec-Ch-Ua:
"Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile:
?0
Sec-Ch-Ua-Platform:
"Windows"
Sec-Fetch-Dest:
empty
Sec-Fetch-Mode:
cors
Sec-Fetch-Site:
same-site
User-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47