Cors on Tomcat returns multiple Allow-Origin headers #243

Open
Stitch10925 opened this issue Oct 12, 2022 · 0 comments

I have a Docker container running PlantUML server Tomcat version on the following address: http://192.168.1.10/
I have a website that makes a POST request to the server, with some content in the body:

URL: http://192.168.1.10/png
BODY:
Bob -> Alice : hello2
Steve -> Jonah
Sven -> Miriam
Hans -> Grietje

This should return an image, which works fine in Postman.
However, when performing this POST request in the browser using JavaScript, the browser blocks the response with a CORS error: Multiple CORS headers are not allowed.

When looking at the response it indeed has 2 CORS headers:

The first one is the one added by PlantUML server (presumably DiagramResponse.java lines 205 or 122), the second one is added by Tomcat.

When I disable the CorsFilter in Tomcat, no Access-Control-Allow-Origin headers are returned, not even the one from PlantUML. This means I cannot make any POST calls to my local server because I either get no Access-Control-Allow-Origin headers or I get two; both cause the browser to give a CORS error.

Is there a way to stop PlantUML from adding the Access-Control-Allow-Origin header by default? Maybe using a parameter? Or is there a way to configure Tomcat to return only one header?

Tomcat CorsFilter configuration:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>http://192.168.1.10/</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,Authorization,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Content-Length,Connection</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
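
The two failure modes described in this issue (no Access-Control-Allow-Origin header, or two of them), as an added example that is not code from the issue author, PlantUML or Tomcat: a simplified model of the check a browser applies to that header. The page origin http://site.example and all header values are constructed sample data.

```javascript
// Added example: a simplified model of the browser's Access-Control-Allow-Origin check.
// It is not PlantUML or Tomcat code; header values and the page origin are constructed.

// rawHeaders: [name, value] pairs, one per header line as sent on the wire.
// credentials: true when the request is sent with cookies or HTTP auth.
function checkAllowOrigin(rawHeaders, requestOrigin, credentials = false) {
  const values = rawHeaders
    .filter(([name]) => name.toLowerCase() === 'access-control-allow-origin')
    .map(([, value]) => value.trim());

  if (values.length === 0) {
    return { allowed: false, reason: 'missing' };
  }
  // Repeated header lines are combined into one "a, b" value, which can
  // never equal a single origin, so the browser rejects the response.
  if (values.length > 1 || values[0].includes(',')) {
    return { allowed: false, reason: 'multiple' };
  }
  if (values[0] === '*') {
    // The wildcard is only accepted for requests without credentials.
    return credentials
      ? { allowed: false, reason: 'wildcard-with-credentials' }
      : { allowed: true, reason: 'wildcard' };
  }
  return values[0] === requestOrigin
    ? { allowed: true, reason: 'match' }
    : { allowed: false, reason: 'mismatch' };
}

// Constructed sample responses for a page served from http://site.example (hypothetical).
const PAGE_ORIGIN = 'http://site.example';
const SAMPLES = {
  appAndFilter: [
    ['Content-Type', 'image/png'],
    ['Access-Control-Allow-Origin', '*'],
    ['Access-Control-Allow-Origin', PAGE_ORIGIN],
  ],
  noCorsHeader: [['Content-Type', 'image/png']],
  singleHeader: [
    ['Content-Type', 'image/png'],
    ['Access-Control-Allow-Origin', PAGE_ORIGIN],
  ],
};

for (const [label, headers] of Object.entries(SAMPLES)) {
  console.log(label, checkAllowOrigin(headers, PAGE_ORIGIN));
}
```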