its definition on Wikipedia: Cross-domain resource sharing (CORS) is a technical specification for web browsers that defines a way for web servers to allow web pages to access their resources from different domains. And this access is prohibited by the same-origin policy. The CORS system defines a way for browsers and servers to interact to determine whether to allow cross-origin requests. It's a compromise, with more flexibility, but more security than simply allowing all of these requirements.
The official W3C document is still a working draft, but it is moving in the direction recommended by the W3C.
In short, CORS was born to allow AJAX to achieve controllable cross-domain access.
The configuration under Tomcat
downloads the two library files cors-filter-1.7.jar and java-property-utils-1.9.jar and puts them in the lib directory. (You can
query and download it at http://search.maven.org.) The configuration in web.xml in the project is as follows:
<filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, POST, HEAD, PUT, DELETE</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value> </init-param> <init-param> <param-name>cors.exposedHeaders</param-name> <param-value>Set-Cookie</param-value> </init-param> <init-param> <param-name>cors.supportsCredentials</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>