I am developing an example REST API using JAX-RS and have reached the point where I need to add CORS support so that I can consume it from an app made in React. The other day I published the REST API on an online server, and when I consume it from React locally it works, but if I try to consume it from a page like StackBlitz or resttesttest it doesn't work.
It is worth mentioning that I am using WildFly 13 as the server. I have already reviewed many different filter examples, but none work for me in StackBlitz or resttesttest.
Test API using filter: my api
Here is my filter:
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.ext.Provider;

@Provider
public class CorsResponseFilter implements Filter {

    /**
     * Default constructor.
     */
    public CorsResponseFilter() {
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // No initialization needed
    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        System.out.println("CORSFilter HTTP Request: " + request.getMethod());

        // Authorize (allow) all domains to consume the content
        response.addHeader("Access-Control-Allow-Origin", "*");
        response.addHeader("Access-Control-Allow-Methods", "GET, OPTIONS, HEAD, PUT, POST");

        // For HTTP OPTIONS verb/method reply with ACCEPTED status code -- per CORS handshake
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_ACCEPTED);
            return;
        }

        // Pass the request along the filter chain
        chain.doFilter(request, servletResponse);
    }

    /**
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
        // Nothing to release
    }
}
The message I get in the browser console is this:
[Mixed-Content] The origin 'https://js-87ppru.stackblitz.io' was loaded in a secure context but tried to load an insecure resource at 'http://node42071-env-8457498.jl.serv.net.mx/api'.
Here is the StackBlitz example I use: https://stackblitz.com/edit/js-87ppru
Note: I'm not interested in using a proxy like heroku's.
Stackblitz has an address
https://stackblitz.com/edit/...
That is, it uses HTTPS.
The error tells you that from an HTTPS domain you cannot make a call that requires CORS to an HTTP server. The other way around wouldn't work either.
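The order of the two browser checks behind this error, as an added example that is not part of the original question or answer: a simplified JavaScript model showing that the mixed-content check runs before the CORS headers sent by the filter are ever read. The names `classifyFetch` and `FILTER_HEADERS`, the local dev origin `http://localhost:3000` and the host `api.example.test` are assumptions made for illustration.

```javascript
// Simplified model of the browser's decision for fetch(); not browser source code.

// Loopback hosts: browsers such as Chrome and Firefox do not treat plain-HTTP
// requests to these as mixed content.
const isLoopback = (host) =>
  host === "localhost" || host.endsWith(".localhost") ||
  /^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]";

// A target is acceptable to an HTTPS page if it uses TLS or is loopback.
function isTrustworthyTarget(url) {
  return url.protocol === "https:" || url.protocol === "wss:" || isLoopback(url.hostname);
}

// Decide what happens to fetch(targetUrl) issued by a document at pageUrl.
// responseHeaders: CORS headers the server would send (lower-case keys).
function classifyFetch(pageUrl, targetUrl, responseHeaders = {}) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);

  // 1. Mixed content: checked before the request leaves the browser,
  //    so the server's CORS headers are never consulted.
  if (page.protocol === "https:" && !isTrustworthyTarget(target)) {
    return "blocked: mixed content";
  }
  // 2. Same origin: CORS does not apply.
  if (page.origin === target.origin) return "allowed: same origin";

  // 3. Cross origin: the response must name the caller's origin or "*".
  const allow = responseHeaders["access-control-allow-origin"];
  if (allow === "*" || allow === page.origin) return "allowed: CORS";
  return "blocked: CORS";
}

// Header value set by the filter in the question.
const FILTER_HEADERS = { "access-control-allow-origin": "*" };
const API = "http://node42071-env-8457498.jl.serv.net.mx/api"; // URL from the error message

// HTTPS page, HTTP API: stopped at step 1 despite the "*" header.
console.log(classifyFetch("https://js-87ppru.stackblitz.io", API, FILTER_HEADERS));
// Assumed local React dev server over HTTP: step 1 passes, the filter's header is used.
console.log(classifyFetch("http://localhost:3000", API, FILTER_HEADERS));
// Same filter behind TLS (constructed host): step 1 passes, the filter's header is used.
console.log(classifyFetch("https://js-87ppru.stackblitz.io", "https://api.example.test/api", FILTER_HEADERS));
```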