I am running a Java app with Jetty-Runner on Heroku (let's call it Website A).
Then I have a Web app running on Website B, connecting to A using Cometd.
Comet connection stays open for 30 seconds and then it returns if no data is received from the server.
I have set up CORS parameters in Jetty's web.xml so that B accesses A with no problem.
Now the problem: if the comet's 30 seconds finishes and the server does not return anything, then the browser throws this error:
XMLHttpRequest cannot load [Website A]/cometd.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin '[Website B]' is therefore not allowed access.
I am running the same Java application using Embedded Jetty on another Website (Website C) with the same CORS settings and everything works fine. In particular, when the comet connection returns after 30 seconds, the response has all the headers including the 'Access-Control-Allow-Origin'. But, on Website A, after comet returns, the response does not have the headers.
So, to me, the problem is caused by Jetty-Runner not returning a response after 30 seconds, versus embedded jetty returning the response with correct headers.
My web.xml content:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <filter>
    <filter-name>cross-origin</filter-name>
    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    <init-param>
      <param-name>allowedOrigins</param-name>
      <param-value>[Website B]</param-value>
    </init-param>
    <init-param>
      <param-name>allowedMethods</param-name>
      <param-value>GET,POST,DELETE,PUT,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
      <param-name>allowedHeaders</param-name>
      <param-value>origin, content-type, cache-control, accept</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>cross-origin</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <servlet>
    <servlet-name>cometd</servlet-name>
    <servlet-class>org.cometd.server.CometdServlet</servlet-class>
    <init-param>
      <param-name>logLevel</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>timeout</param-name>
      <param-value>30000</param-value>
    </init-param>
    <init-param>
      <param-name>jsonDebug</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    <!--
    To use async-supported in a servlet 3.0 compliant container,
    uncomment the following tag:
    <async-supported>true</async-supported>
    and change the web-app tag of this document to:
    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             version="3.0">
    -->
  </servlet>
  <servlet-mapping>
    <servlet-name>cometd</servlet-name>
    <url-pattern>/cometd/*</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>admin</servlet-name>
    <servlet-class>org.coweb.servlet.AdminServlet</servlet-class>
    <load-on-startup>2</load-on-startup>
    <init-param>
      <param-name>ConfigURI</param-name>
      <param-value>/WEB-INF/cowebConfig.json</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>admin</servlet-name>
    <url-pattern>/admin/*</url-pattern>
  </servlet-mapping>
</web-app>
Any idea how to fix this problem?
If A does not send the Access-Control-Allow-Origin header for B but it does for C, perhaps your CORS configuration is wrong?
You did not specify how you have configured CORS on A (are you using Jetty's CrossOriginFilter?).
I see no reason why Jetty Runner (which is just an embedded Jetty that deploys your war) should mess with the CORS configuration of a web application?
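To see outside the browser which responses actually carry the header, a small probe can send the same kind of cross-origin POST and compare an immediate reply with a delayed one. This is an added example, not code from either poster: the stub server, its paths /cometd/data and /cometd/idle, the origin https://b.example and the function names are all constructed, and the stub only imitates the symptom described in the question.

```python
import http.client
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ALLOWED = "https://b.example"  # constructed stand-in for [Website B]

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stub: /cometd/data replies with CORS headers,
    /cometd/idle replies after a delay without them (the reported symptom)."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        idle = self.path.endswith("/idle")
        if idle:
            time.sleep(0.2)  # stands in for the 30 s long-poll timeout
        body = b"[]"
        self.send_response(200)
        if not idle and self.headers.get("Origin") == ALLOWED:
            self.send_header("Access-Control-Allow-Origin", ALLOWED)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(host, port, path, origin, body="[]", timeout=40):
    """POST with an Origin header, as the browser's XHR does, and report
    whether the response would pass the browser's CORS check."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", path, body=body,
                     headers={"Origin": origin, "Content-Type": "application/json"})
        resp = conn.getresponse()
        resp.read()
        acao = resp.getheader("Access-Control-Allow-Origin")
        return {"status": resp.status, "acao": acao,
                "browser_allows": acao in (origin, "*")}
    finally:
        conn.close()

def run_demo():
    """Start the stub on an ephemeral port and probe both constructed paths."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return {p: probe("127.0.0.1", port, p, ALLOWED)
                for p in ("/cometd/data", "/cometd/idle")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for path, result in run_demo().items():
        print(path, result)
```

Against a real deployment the idle case needs a valid Bayeux handshake and connect message as the request body, and http.client.HTTPSConnection for an https host; the header comparison stays the same.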