Home > Software engineering >  Tomcat Send "Cross-Origin-Opener-Policy" and "Cross-Origin-Embedder-Policy" Head
Tomcat Send "Cross-Origin-Opener-Policy" and "Cross-Origin-Embedder-Policy" Head

Time:03-16

I've built a React 17.0.2 application which has a dependency using "SharedArrayBuffer" (ffmpeg.wasm). This requires these Response Headers as per the docs:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

I am serving the React application via Tomcat 10. How do I modify the default web.xml to include those headers?

Update 1:

I've found some documentation that I think shows it is possible to send these headers, I just do not know what to put in web.xml to make it happen.

This doc says that to enable CORS on Tomcat, you can use the filter tag. It also says, "This filter is an implementation of W3C's CORS (Cross-Origin Resource Sharing) specification". The specification they reference includes both of those headers:

Solution:

Since there is no native way to send these response headers, I had to use this code to add them. I ran git clone, made sure I had CATALINA_HOME set, ran make.sh, moved the resulting .jar to the lib/ directory in Tomcat, and matched the permissions with with surrounding jars. I wrote two filters in my web.xml and restarted Tomcat.

<filter>
    <filter-name>OpenerPolicyHeaderFilter</filter-name>
    <filter-class>StaticHeaders</filter-class>
    <init-param>
        <param-name>Cross-Origin-Opener-Policy</param-name>
        <param-value>same-origin</param-value>
        </init-param>
</filter>
<filter-mapping>
    <filter-name>OpenerPolicyHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>EmbedderPolicyHeaderFiler</filter-name>
    <filter-class>StaticHeaders</filter-class>
    <init-param>
        <param-name>Cross-Origin-Embedder-Policy</param-name>
        <param-value>require-corp</param-value>
        </init-param>
</filter>
<filter-mapping>
    <filter-name>EmbedderPolicyHeaderFiler</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

CodePudding user response:

The CORS filter only handles the Access-Control-* headers and does not do anything about Cross-Origin-* headers.

If you wish to set Cross-Origin-* headers, you will either have to manage that yourself, or submit a pull-request to the Tomcat project.

Page link:https//www.codepudding.com/Softwareengineering/336033.html

Prev:Upgrade from spring-boot 2.4.4 to 2.5.9 cause X-Forwarded not to be taken
Next:How to install npm after it uninstalled itself?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding