Quantcast

ajax for https in struts

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ajax for https in struts

Emi Lu
Hello,

Ajax methods work in http, but NOT https.

Seems due to cross-origin HTTP request.

May I know how to setup "Access-Control-Allow-Origin" in
struts/jsp/servlet please?


Have tried the following but did NOT work.

(1) mainlayout.jsp
      response.addHeader("Access-Control-Allow-Origin", "*");


(2) web.xml
     <filter>
       <filter-name>cors</filter-name>
       <filter-class>CORSFilter</filter-class>
     </filter>

     <filter-mapping>
        <filter-name>cors</filter-name>
        <url-pattern>/*</url-pattern>
     </filter-mapping>

public class CORSFilter extends OncePerRequestFilter
{
    @Override
    protected void doFilterInternal(
        HttpServletRequest  request,
        HttpServletResponse response,
        FilterChain         filterChain
    )   throws ServletException, IOException
    {
        response.addHeader("Access-Control-Allow-Origin", "*");
        filterChain.doFilter(request, response);
    }
}




example ajax method:

function test(str, url)
{
    var xmlhttp;
    if (str.length==0)
    {
       document.getElementById("txt_hint").innerHTML="";
       return;
    }
    xmlhttp=new XMLHttpRequest();

    xmlhttp.onreadystatechange=function()
    {
       if (xmlhttp.readyState==4 && xmlhttp.status==200)
       {
          var tmp = xmlhttp.responseText;
          document.getElementById("txt_hint").innerHTML = tmp;
       }
    }
    xmlhttp.open("POST", url + "?str=" + str, true);
    xmlhttp.send();
}

Thanks a lot!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ajax for https in struts

Christoph Nenning
> From: Emi <[hidden email]>
> To: Struts Users Mailing List <[hidden email]>,
> Date: 17.03.2017 16:57
> Subject: ajax for https in struts
>
> Hello,
>
> Ajax methods work in http, but NOT https.
>
> Seems due to cross-origin HTTP request.


Can you be more precise, please?

What is the original URL and which URL do you try to access with AJAX?


>
> May I know how to setup "Access-Control-Allow-Origin" in
> struts/jsp/servlet please?
>
>
> Have tried the following but did NOT work.
>
> (1) mainlayout.jsp
>       response.addHeader("Access-Control-Allow-Origin", "*");
>

AFAIK browsers send a special OPTIONS request to determine
"Access-Control-Allow-Origin". I don't think that you can just add that
header in a jsp.


>
> (2) web.xml
>      <filter>
>        <filter-name>cors</filter-name>
>        <filter-class>CORSFilter</filter-class>
>      </filter>
>
>      <filter-mapping>
>         <filter-name>cors</filter-name>
>         <url-pattern>/*</url-pattern>
>      </filter-mapping>
>
> public class CORSFilter extends OncePerRequestFilter
> {
>     @Override
>     protected void doFilterInternal(
>         HttpServletRequest  request,
>         HttpServletResponse response,
>         FilterChain         filterChain
>     )   throws ServletException, IOException
>     {
>         response.addHeader("Access-Control-Allow-Origin", "*");
>         filterChain.doFilter(request, response);
>     }
> }
>

Tomcat provides a built in cors filter. Look at this flowchart of tomcat
docs:
https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

As you can see it is quite complicated :)


Regards,
Christoph



>
>
>
> example ajax method:
>
> function test(str, url)
> {
>     var xmlhttp;
>     if (str.length==0)
>     {
>        document.getElementById("txt_hint").innerHTML="";
>        return;
>     }
>     xmlhttp=new XMLHttpRequest();
>
>     xmlhttp.onreadystatechange=function()
>     {
>        if (xmlhttp.readyState==4 && xmlhttp.status==200)
>        {
>           var tmp = xmlhttp.responseText;
>           document.getElementById("txt_hint").innerHTML = tmp;
>        }
>     }
>     xmlhttp.open("POST", url + "?str=" + str, true);
>     xmlhttp.send();
> }
>
> Thanks a lot!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

This Email was scanned by Sophos Anti Virus
Loading...