Enabling cors in dropwizard not working

naslami · Sep 10, 2014 · Viewed 17.4k times

I'm working on a Dropwizard application and a JS UI to interact with the API. I need to load JSON data to update views, but I have to enable CORS in Dropwizard before that. I did some stuff, but it doesn't seem to be working because Dropwizard always returns 204 No Content.

@Override
public void run(final BGConfiguration configuration, final Environment environment) throws Exception {
  final Map<String, String> params = new HashMap<>();
  params.put("Access-Control-Allow-Origin", "/*");
  params.put("Access-Control-Allow-Credentials", "true");
  params.put("Access-Control-Expose-Headers", "true");
  params.put("Access-Control-Allow-Headers", "Content-Type, X-Requested-With");
  params.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
  environment.servlets().addFilter("cors", CrossOriginFilter.class).setInitParameters(params);
}

Answer

Mike Clarke · Sep 12, 2014

The bug here is that the filter hasn't been configured with a URL path via the addMappingForUrlPatterns method.

This worked for me using dropwizard 0.7.1:

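import io.dropwizard.Configuration;
import io.dropwizard.setup.Environment;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import java.util.EnumSet;

public void run(Configuration conf, Environment environment) {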
    // Enable CORS headers
    final FilterRegistration.Dynamic cors =
        environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}

I'm assuming you're testing this live in a browser, but you can verify via CLI with a curl command like this:

$ curl -H "Origin: http://example.com" \
       -H "Access-Control-Request-Method: POST" \
       -H "Access-Control-Request-Headers: X-Requested-With" \
       -X OPTIONS --verbose \
       http://localhost:8080

You should see a bunch of Access-Control-* HTTP headers in the response.
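To go one step beyond eyeballing the curl output, the added example below (not part of the original answer) classifies the preflight response for the origin that was sent: no Access-Control-* headers at all, as with the unmapped filter in the question, or the origin granted, with or without credentials. The function name `audit_cors`, the verdict strings and both sample responses are assumptions constructed for illustration, not output captured from a real server.

```shell
#!/bin/sh
# Added example: classify the response to the preflight probe shown above.
# Usage: curl -s -D - -o /dev/null -X OPTIONS -H "Origin: $o" ... URL | audit_cors "$o"
# Prints one verdict:
#   no-cors-headers | granted | granted-with-credentials | not-granted
audit_cors() {
    # Header names are case-insensitive: lowercase everything, drop CRs and
    # the "< " prefix that curl --verbose puts before response headers.
    probe=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    hdrs=$(tr -d '\r' | sed 's/^< //' | tr '[:upper:]' '[:lower:]')
    any=$(printf '%s\n' "$hdrs" | sed -n '/^access-control-/p' | head -n 1)
    acao=$(printf '%s\n' "$hdrs" |
        sed -n 's/^access-control-allow-origin:[[:space:]]*//p' | head -n 1)
    acac=$(printf '%s\n' "$hdrs" |
        sed -n 's/^access-control-allow-credentials:[[:space:]]*//p' | head -n 1)

    # No CORS headers: the filter is not mapped to this URL, or it rejected the origin.
    if [ -z "$any" ]; then echo "no-cors-headers"; return 0; fi

    # A wildcard or an echo of the probed origin means this origin may read responses.
    if [ "$acao" = "*" ] || [ "$acao" = "$probe" ]; then
        if [ "$acac" = "true" ]; then echo "granted-with-credentials"
        else echo "granted"; fi
    else
        echo "not-granted"
    fi
}

# Constructed sample: a 204 with no CORS headers, like the one in the question.
RESP_UNMAPPED='HTTP/1.1 204 No Content
Date: Fri, 12 Sep 2014 10:00:00 GMT'

# Constructed sample in curl --verbose format: origin echoed, credentials allowed.
RESP_MAPPED='< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://example.com
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: OPTIONS,GET,PUT,POST,DELETE,HEAD
< Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin'

demo() {
    printf 'unmapped filter: %s\n' "$(printf '%s\n' "$RESP_UNMAPPED" | audit_cors http://example.com)"
    printf 'mapped filter:   %s\n' "$(printf '%s\n' "$RESP_MAPPED" | audit_cors http://example.com)"
}
demo
```

Run it with an origin the API is not meant to serve: a `granted-with-credentials` verdict for such an origin means pages on any site can read authenticated responses, so `allowedOrigins` should list the UI's origin instead of `*`.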