ibrabeicker - 2 months ago
Java Question

How to set CORS headers into internal server error responses?

I have a Java application server with a REST interface provided by RESTEasy and I have the CORS filter below:

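    import javax.ws.rs.container.ContainerRequestContext;
    import javax.ws.rs.container.ContainerResponseContext;
    import javax.ws.rs.container.ContainerResponseFilter;
    import javax.ws.rs.ext.Provider;

    @Provider
    public class CORSFilter implements ContainerResponseFilter {

        // Adds the CORS headers to every response that passes through the filter chain.
        @Override
        public void filter(ContainerRequestContext cReq, ContainerResponseContext cResp) {
            cResp.getHeaders().add("Access-Control-Allow-Origin", "*");
            cResp.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, auth-token");
            cResp.getHeaders().add("Access-Control-Allow-Credentials", "true");
            cResp.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
            cResp.getHeaders().add("Access-Control-Max-Age", "1209600");
        }

    }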


All requests return with the CORS headers:

    OPTIONS 200 OK
    Access-Control-Allow-Credentials:"true"
    Access-Control-Allow-Headers:"origin, content-type, accept, authorization, auth-token"
    Access-Control-Allow-Methods:"GET, POST, PUT, DELETE, OPTIONS, HEAD"
    Access-Control-Allow-Origin:"*"
    Access-Control-Max-Age:"1209600"
    Allow:"HEAD, GET, OPTIONS"
    Connection:"keep-alive"
    Content-Length:"18"
    Content-Type:"text/plain"
    Date:"Thu, 15 Jan 2015 15:23:01 GMT"
    Server:"WildFly/8"


except when I have an internal exception that returns error code 500:

    GET 500 Internal Server Error
    Connection:"keep-alive"
    Content-Length:"8228"
    Content-Type:"text/html; charset=UTF-8"
    Date:"Thu, 15 Jan 2015 15:23:01 GMT"


How can I make 500 responses contain those headers?

Answer

Use an ExceptionMapper:

    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.ResponseBuilder;
    import javax.ws.rs.ext.ExceptionMapper;
    import javax.ws.rs.ext.Provider;

    @Provider
    public class CorsExceptionMapper implements ExceptionMapper<Exception> {

        // Maps any uncaught exception to a 500 response that carries the CORS headers.
        @Override
        public Response toResponse(Exception ex) {
            ResponseBuilder responseBuilder = Response.serverError();
            responseBuilder.header("Access-Control-Allow-Origin", "*");
            responseBuilder.header("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, auth-token");
            responseBuilder.header("Access-Control-Allow-Credentials", "true");
            responseBuilder.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
            responseBuilder.header("Access-Control-Max-Age", "1209600");
            return responseBuilder.build();
        }

    }

To avoid duplication of headers you should use:

    cResp.getHeaders().putSingle()

in the ContainerResponseFilter.
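
An added example, not part of the original question or answer: a single provider in which the exception mapper only produces the error response and the response filter, which JAX-RS also runs on mapped responses, is the one place that sets the CORS headers via `putSingle()`. It assumes the `javax.ws.rs` API (JAX-RS 2.0); the class name `CorsErrorSupport` and the `example.com` origins are hypothetical. It echoes an allowlisted origin instead of `*` because browsers reject a wildcard `Access-Control-Allow-Origin` on credentialed requests.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Added example (hypothetical class name): exception mapper and CORS filter in one provider.
@Provider
public class CorsErrorSupport implements ContainerResponseFilter, ExceptionMapper<Exception> {

    // Assumption: constructed sample origins; replace with the front ends you trust.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "https://app.example.com", "https://admin.example.com"));

    // Turns an uncaught exception into a JAX-RS response, so the filter below runs on it.
    @Override
    public Response toResponse(Exception ex) {
        if (ex instanceof WebApplicationException) {
            // Keep the status the application chose (404, 405, ...) instead of forcing 500.
            return ((WebApplicationException) ex).getResponse();
        }
        // Generic body: no stack trace or exception message is sent to the client.
        return Response.serverError().entity("Internal Server Error").type("text/plain").build();
    }

    // Runs for normal and mapped error responses alike; the only place CORS headers are set.
    @Override
    public void filter(ContainerRequestContext req, ContainerResponseContext resp) {
        MultivaluedMap<String, Object> headers = resp.getHeaders();
        headers.add("Vary", "Origin"); // response differs per Origin, so caches must key on it
        String origin = req.getHeaderString("Origin");
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return; // not a CORS request, or an untrusted origin: send no CORS headers
        }
        // putSingle replaces any existing value, so a header is never emitted twice.
        headers.putSingle("Access-Control-Allow-Origin", origin);
        headers.putSingle("Access-Control-Allow-Credentials", "true");
        headers.putSingle("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, auth-token");
        headers.putSingle("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
        headers.putSingle("Access-Control-Max-Age", "1209600");
    }
}
```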