Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Stanislav Khmelevsky2018-02-15 16:11:18
Nginx
Stanislav Khmelevsky, 2018-02-15 16:11:18

How to set up cross-domain policy?

Good afternoon.
Introductory
There are:
- Windows server (don't ask why win)
- Tomcat 8
- Nginx 1.12
- And the web project itself, which runs on java.
Requests are received by Nginx (it also gives statics), and proxies them to Java.
There is a page, for example /app/registration, it has a registration form.
When submitting a form to itself via POST, everything is super 200 OK.
But when I try to make a POST request to this URL,
for example through Postman, I get a 403 error.
There are thoughts that the whole thing is in the CorsFilter policy of Tomcat.
But how did I just not scoff at the headlines.
I always get 403, I also tried adding headers to Nginx configs,
uselessly. Whether skis do not go, whether I...
Question
Who faced a similar problem? I don't know which way to dig.
UPD

config example
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
  <param-name>cors.allowed.origins</param-name>
  <param-value>*</param-value>
  </init-param>
  <init-param>
  <param-name>cors.allowed.methods</param-name>
  <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
  <param-name>cors.allowed.headers</param-name>
  <param-value>Accept,Accept-Encoding,Accept-Language,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-CredentialsAccess-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent, X-Requested-With</param-value>
   </init-param>
</filter>
<filter>
  <filter-name>WebdavFixFilter</filter-name>
  <filter-class>org.apache.catalina.filters.WebdavFixFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

UPD 2
Proxying from Nginx to Tomcat
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header Pragma public;
add_header Cache-Control "public";
add_header Access-Control-Allow-Origin *;

proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Server-Proto $server_protocol;
proxy_set_header X-Forwarded-Proto $scheme;

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
al_gon, 2018-02-15
@al_gon

https://enable-cors.org/server_tomcat.html

Similar questions
T
Traney2016-06-07 14:25:14
How can I set NGINX to understand GET parameters without the "?" sign? 1Reply
D
Dmitry2020-09-15 14:00:26
How to correctly separate sites by users and php-fpm pools? 2Reply
P
pqgg7nwkd42016-06-08 19:09:43
On-the-fly file decompression in NGINX? 1Reply
M
Monkz2022-01-10 18:33:03
How to return geoip result in nginx? 1Reply
V
Vellis-msk2020-09-16 17:14:51
How to proxy to ASP.NET core via nginx? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question