Geek Answers Handbook

Play Framework CORS Headers

I am trying to set the CORS header for my platform application. In particular, I get this error

cannot load http://127.0.0.1:9000/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

I realized that I can easily handle this by following these instructions: https://www.playframework.com/documentation/2.5.x/CorsFilter

However, after that. nothing changed.

 curl -I localhost:9000/ HTTP/1.1 200 OK Content-Length: 4540 Content-Type: text/html; charset=utf-8 Date: Mon, 11 Jul 2016 20:03:33 GMT

My config:

 play.http.filters = "global.Filters" play.filters.cors { allowedOrigins = ["http://www.example.com", "*"] allowedHttpMethods = ["GET", "POST"] allowedHttpHeaders = ["Accept"] }

and my Filters.scala file:

 package global import javax.inject.Inject import play.api.http.DefaultHttpFilters import play.filters.cors.CORSFilter class Filters @Inject() (corsFilter: CORSFilter) extends DefaultHttpFilters(corsFilter)

If someone can tell me why the filters don't seem to apply to the answers, that would be great.

+3
scala cors playframework
source share
3 answers

Playback filters are tempting, but when they don't work properly, as you noticed, magic is not so easy to track.

I prefer to use something like this:

 implicit class RichResult (result: Result) { def enableCors = result.withHeaders( "Access-Control-Allow-Origin" -> "*" , "Access-Control-Allow-Methods" -> "OPTIONS, GET, POST, PUT, DELETE, HEAD" // OPTIONS for pre-flight , "Access-Control-Allow-Headers" -> "Accept, Content-Type, Origin, X-Json, X-Prototype-Version, X-Requested-With" //, "X-My-NonStd-Option" , "Access-Control-Allow-Credentials" -> "true" ) }

Then you can easily call it in your answer like this:

 Ok(Json.obj("ok" -> "1")).enableCors

It’s easy to understand, it can only be placed where you want to enable CORS, and it’s very easy to debug!

+7
source share

I would not recommend writing / using any code to enable CORS, which is basically a framework function and only needs to be configured.

The material you copied from the documentation is correct:

  • cors.conf , where you change the settings for play.filters.cors . But you seem to have misconfigured, for example. allowedOrigin = * must be configured as null in the configuration. (See the documentation page and related reference.conf )

# The allowed origins. If null, all origins are allowed. play.filters.cors.allowedOrigins = null

  • You have correctly enabled CORSFilter in your Filters.scala
  • Now check your configuration with the correct cURL CORS query:

curl -H "Origin: http://example.com" \ -H "Access-Control-Request-Method: GET" \ -H "Access-Control-Request-Headers: X-Requested-With" \ -X OPTIONS --verbose \ http://localhost:9000/

+1
source share

it worked for me in one day (maybe cash or other things)

application.conf:

 play.http.filters = "filters.Filters" play.filters.cors { # allow all paths pathPrefixes = ["/"] # allow all origins (You can specify if you want) allowedOrigins = null allowedHttpMethods = ["GET", "POST"] # allow all headers allowedHttpHeaders = null }

build.sbt:

 val appDependencies = Seq( filters, .... )

in packet filters. Filter:

 package filters; import javax.inject.Inject; import play.mvc.EssentialFilter; import play.filters.cors.CORSFilter; import play.http.DefaultHttpFilters; public class Filters extends DefaultHttpFilters { CORSFilter corsFilter; @Inject public Filters(CORSFilter corsFilter) { super(corsFilter); this.corsFilter = corsFilter; } public EssentialFilter[] filters() { return new EssentialFilter[] { corsFilter.asJava() }; } }

and in my ajax call:

 $.ajax({ method:'GET', url: xxxxxxxx', dataType: 'json', headers: {'url': yyyyy, 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET, POST, PUT', 'Access-Control-Allow-Headers': 'Content-Type' }, success: function(data) { ....});

I have no more errors in prod and in the local environment! Thank you all

0
source share

More articles:


All Articles