this may seem like a known problem, and there are many questions on this subject, however my situation is very strange. I have a simple web application deployed to tomcat 8.0.36. I configured CORS correctly:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Cross-search requests are blocked by the browser:
No header "Access-Control-Allow-Origin" is present on the requested resource. Origin ' https://www.mytestpage.com ' is therefore not allowed. The response had an HTTP status code of 403.
In the tomcat log file, I also see a 403 response code. Interestingly, my application code never runs in the case of cross-origin requests. Requests are blocked until my application, and 403 is sent immediately. I do not have apache in front of tomcat, this is a simple cat. I tried a lot of things, including whitelisting sources and specifying allowed headers - nothing helped. I also tried to set the header programmatically until I found that the code never executes in the case of a cross origin request.
UPD: the endpoint accepts POST requests. Those POST requests are sent as XmlHttpRequests from the JS fragment.
Any ideas what this could be?
ps I can make successful the same origin requests.
bekon source share