Tomcat indeed supports CORS by adding a CorsFilter. The configurations are flexible enough to intercept all the requests if you need that (note the url-pattern) in the example below:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Now, this obviously has to be done at the level of the web application (changes in web.xml of the web application).
If you want to apply this filter "globally" (for all WARs possibly deployed on tomcat) then there is an option to configure a tomcat itself so that it will catch all the possible HTTP requests ever:
Add the aforementioned configurations into
conf/web.xml and you're done.
A Side Note:
If you extend this filter or something and need some additional dependencies for some reason they can't be in the WARs of course, but have to be in the classpath of tomcat itself, so put the required libraries into
lib folder (again, only if you need something like this)