Accessing JAX-RS RESTful API

I’m building a RESTful implementation that includes both the server and some clients. The server is up and running on a cloud service.

When trying to access a resource on JavaScript a web client trough an XMLHttpRequest, I’m getting the following errors.

  • detecting vulnerabilities in web applications and desktop applications
  • Adding “bServerSide”: true in datatable giving error TypeError: g is null
  • Login and stay on the same page?
  • Selecting a javascript drop down via selenium?
  • Unbinding presenters necessary in GWT
  • Spring - get all resolvable message keys
  • On Chrome:

    > XMLHttpRequest cannot load
    > http://someserver.com/someresource.
    > No 'Access-Control-Allow-Origin' header is present on the requested
    > resource. Origin 'null' is therefore not allowed access.
    

    On Firefox:

    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://someserver.com/someresource. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
    

    I’ve read other answers recommending

    req.setRequestHeader("Access-Control-Allow-Origin", "*");
    

    But I haven’t had any luck with that.

    I’m wondering if the issue has to do with some configuration that needs to be done on the server side code to allow the calls to be received and processed properly.

    Could you help me solve this issue please?

  • Base64 Encode image and render it on JS
  • Warn user befor session time out in spring mvc
  • Android Javascript WebView
  • Regex in GWT to match URLs
  • Phonegap: javascript timer still running after closing DroidGap activity
  • How to find IP address or Location of http request?
  • One Solution collect form web for “Accessing JAX-RS RESTful API”

    Instead of setting header on request object set it on response from server side.

    response.addHeader("Access-Control-Allow-Origin", "*");
    response.addHeader("Access-Control-Allow-Methods", "GET, PUT, POST, OPTIONS, DELETE");
    response.addHeader("Access-Control-Allow-Headers", "Content-Type");
    response.addHeader("Access-Control-Max-Age", "86400");
    

    For Jax-RS:Implement ContainerResponseFilter

    package com.xyz.package;
    
    import java.io.IOException;
    
    import javax.ws.rs.container.ContainerRequestContext;
    import javax.ws.rs.container.ContainerResponseContext;
    import javax.ws.rs.container.ContainerResponseFilter;
    import javax.ws.rs.ext.Provider;
    
    @Provider
    public class CORSFilter implements ContainerResponseFilter {
    
       @Override
       public void filter(final ContainerRequestContext requestContext,
                          final ContainerResponseContext crc) throws IOException {
          crc.getHeaders().add("Access-Control-Allow-Origin", "*");
          crc.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
          crc.getHeaders().add("Access-Control-Allow-Credentials", "true");
          crc.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
          crc.getHeaders().add("Access-Control-Max-Age", "1209600");
       }
    
    }