我试图调用Web服务从另一个（跨来源）一台服务器上使用一个相当基本的 jQuery.ajax POST请求。

I am attempting to call a web service on one server from another (cross origin) using a fairly basic jQuery.ajax POST request.

        return $.ajax({
            type: "POST",
            url: "http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456",
            dataType:"json"
        });

我总是得到以下错误回应...

XMLHtt prequest无法加载   的http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456.   没有访问控制 - 允许 - 原产地标头的请求的present   资源。原产地的http：//本地主机：63342 因此不允许   访问。

XMLHttpRequest cannot load http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin http://localhost:63342 is therefore not allowed access.

Web服务是托管在 Java的内置新泽西的Web服务的Apache Tomcat / 8.0.8 。我曾尝试发送请求为JSONP，但是在尝试处理来自诺对象的回调时，我跑成问题。这不过另一篇文章......作为替代，我决定寻找到实现CORS响应的解决方案。现在，我是很新的Java编程，我不认为舒服，所以请多多包涵。

The web service is a Java-built Jersey based web service hosted on Apache Tomcat/8.0.8. I have tried sending the request as JSONP but that ran me into issues when attempting to handle the callbacks from the promise object. That's another post however ... As an alternative I decided to look into implementing a CORS Response solution. Now I am VERY new to Java programming and am not that comfortable with it so please bear with me.

我已经看过了实现CORS两个主要解决方案。一是要建立一个自定义响应滤波器。我无法得到的工作，但随后发现，由于Tomcat的7.0据说已经提供的过滤器。我看到的第二个解决方案的几个职位，但绝对没有运气吧。使用我加提供的 Apache Tomcat的文档中的指导原则以下过滤器信息的应用程序的web.xml文件（我自己也尝试将它添加到根的web.xml和它没有在那里工作要么）。

I have looked at two primary solutions for implementing CORS. One is to build a custom response filter. I could not get that to work but then discovered that since Tomcat 7.0 a filter is supposedly already provided. I have seen several posts on this second solution but had absolutely no luck with it. Using the guidelines provided in the Apache Tomcat Documentation I added the following FILTER information to the web.xml file of the application (I have also tried adding it to the web.xml of the root and it didn't work there either).

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

由于我使用的 Tomcat的8.0.8 。我本来期望这个工作，但我仍然得到同样的错误。我失去了一些东西？

Since I am using Tomcat 8.0.8. I would have expected this to work, yet I continue to get the same error. Am I missing something?

感谢您的帮助。

更新时间：

我是从萤火虫调用Firefox中的服务时，添加标题。这是请求头...

I am adding the headers from Firebug when calling the service in Firefox. This is the Request header ...

Accept  application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control   no-cache
Connection  keep-alive
Content-Length  0
Host    dev.hostname.com
Origin  http://localhost:63342
Pragma  no-cache
Referer http://localhost:63342/keurig/default.html
User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0

这是响应头

Content-Length  0
Content-Type    text/plain
Date    Thu, 21 Aug 2014 17:50:58 GMT
Server  Apache-Coyote/1.1

我绝对看不到任何希望是看到在响应访问 - 控制 - *头。

I definitely do not see any of the "Access-Control-*" headers that would expect to be see in the response.

推荐答案

这里提供的CORS的配置为我工作，但直到我已经删除的允许头的空间，在最后一个头的逗号后面。

The CORS configuration provided here worked for me, but not until I had removed the space in 'Allowed Headers' after the comma in the last header.

<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,上次修改＆LT; /参数值＆GT;

在我拿出了空间之前的Last-Modified我成功了。

Once I took out that space before "Last-Modified" I was in business.