How did we debug a cors issue in tomcat container
Like we were facing this issue in our test environment one fine day.The app was working fine previously and nothing changed in between.
Also the same service was working in prod fine.
Access to XMLHttpRequest at ‘https://myexample.com/api' from origin ‘https://mywebsite.com' has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Credentials’ header in the response is ‘’ which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Current App St:
So we were using the withCredentials attribute in our client requests and it is expected that the server respond with the response header ‘Access-Control-Allow-Credentials’ as true.
We were using org.apache.catalina.filters.CorsFilter in our web.xml and it was not having the below entry which sends this response header.
We were getting this response header in production but not in test.
So why is that response header sent in prod and why it suddenly stopped working in test env.
We verified if any specific commits were pushed related to this but there weren’t any and prod code was in sycn with test env.
So I looked into the filter code here where in the default value for cors.support.credentials was false by default.
public static final String DEFAULT_SUPPORTS_CREDENTIALS = "false";
Also I was able to find this piece of code here where the default was true for credentials support.
public static final String DEFAULT_SUPPORTS_CREDENTIALS = "true";
So looked like in our test env, the tomcat server environment changed and when we traced back, I was later updated that there was an upgrade in test environment.
OOps, better be explicit in configs.And on the comment that nothing changed between prod and test, but it did change.