I have a running instance with tomcat 7 and java app. I wanted to make a copy of the instance. in Amazon, I clicked "create image", and launched a new instance from it. after that, i tried to work with the new instance. when i make simple requests it works, but when i try from a browser i get CORS error:
Access to XMLHttpRequest at 'https://xxxxxx/getConfiguration' from origin 'http://xxxxxx:9000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
nothing has changed in my server or my front-end configuration. when i work with the old server it works. the cors filter is the same:
<filter>
<filter-name>CORS</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified, Access-Control-Request-Method,Access-Control-Request-Headers,authorization</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Compare the init parameter names that you used
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>false</param-value>
</init-param>
and configuration reference documentation of Tomcat 7. You are spelling them incorrectly.
The default value of cors.allowed.origins was changed in May 2018 (for Tomcat 7.0.89, 8.5.32, 9.0.9) to address CVE-2018-8014 (bug 62343).