Enable CORS for every request with Tomcat Server

1139 views tomcat

Without using a Servlet Filter, is there a way for Tomcat 9.0.12 to be configured (perhaps through catalina.properties) to allow all CORS request, all headers and just about every request?

answered question

1 Answer


Tomcat indeed supports CORS by adding a CorsFilter. The configurations are flexible enough to intercept all the requests if you need that (note the url-pattern) in the example below:


Now, this obviously has to be done at the level of the web application (changes in web.xml of the web application).

If you want to apply this filter "globally" (for all WARs possibly deployed on tomcat) then there is an option to configure a tomcat itself so that it will catch all the possible HTTP requests ever:

Add the aforementioned configurations into conf/web.xml and you're done.

A Side Note:

If you extend this filter or something and need some additional dependencies for some reason they can't be in the WARs of course, but have to be in the classpath of tomcat itself, so put the required libraries into lib folder (again, only if you need something like this)

posted this

Have an answer?


Please login first before posting an answer.