@elmot
Last active February 10, 2020 16:52
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
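/**
 * Provides CORS headers for HTTP requests that come from an explicitly allowlisted origin.
 *
 * <p>{@code OPTIONS} requests from an allowed origin are answered by the filter itself;
 * {@code POST} requests from an allowed origin get the CORS headers and continue down the
 * chain. Every other request is passed through without CORS headers.
 *
 * <p>The responses carry {@code Access-Control-Allow-Credentials: true}, so echoing back an
 * arbitrary {@code Origin} would let any web site issue authenticated requests and read the
 * replies. The request origin is therefore echoed only when it exactly matches an entry of the
 * comma-separated {@code allowedOrigins} init parameter (set it in the deployment descriptor or
 * through the {@code initParams} attribute of {@code WebFilter}). When the parameter is absent
 * the allowlist is empty and no CORS headers are ever sent.
 *
 * @author Vaadin Ltd
 */
@WebFilter(urlPatterns = "/*")
public class MyCORSFilter implements Filter {

    /** Name of the init parameter that holds the comma-separated origin allowlist. */
    private static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";

    /** Exact origin strings (scheme, host, optional port) allowed to receive CORS headers. */
    private Set<String> allowedOrigins = Collections.emptySet();

    /**
     * Reads the origin allowlist from the {@code allowedOrigins} init parameter.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws ServletException if the list contains {@code *} or {@code null}, neither of which
     *     identifies a single trusted site
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Set<String> parsed = new HashSet<String>();
        String configured = filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM);
        if (configured != null) {
            for (String entry : configured.split(",")) {
                String candidate = entry.trim();
                if (candidate.isEmpty()) {
                    continue;
                }
                // "null" is the Origin sent by sandboxed or file-based documents, and "*" is a
                // wildcard; trusting either would undo the purpose of the allowlist, so refuse
                // to start rather than run with a misleading configuration.
                if ("*".equals(candidate) || "null".equalsIgnoreCase(candidate)) {
                    throw new ServletException("Init parameter '" + ALLOWED_ORIGINS_PARAM
                            + "' must list explicit origins; found: " + candidate);
                }
                parsed.add(candidate);
            }
        }
        allowedOrigins = Collections.unmodifiableSet(parsed);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Handles the CORS part of a request and otherwise delegates to the rest of the chain.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remaining filters and the target resource
     * @throws IOException if writing the preflight response or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        // Non-HTTP requests cannot carry an Origin header; hand them on instead of failing
        // with a ClassCastException.
        if (!(servletRequest instanceof HttpServletRequest)
                || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Origin is needed for all CORS requests
        String origin = request.getHeader("Origin");
        if (origin != null && isAllowedRequestOrigin(origin)) {
            String httpMethod = request.getMethod();
            if ("options".equalsIgnoreCase(httpMethod)) {
                // Preflight: answered here, never forwarded to the application.
                answerPreflight(request, response, origin);
                return;
            }
            if ("post".equalsIgnoreCase(httpMethod)) {
                // UIDL post requests: decorate, then let the application handle them.
                addOriginHeaders(response, origin);
            }
        }
        // Everything else has nothing to do with CORS (or comes from an origin that is not
        // allowlisted) and is forwarded without CORS headers.
        filterChain.doFilter(request, response);
    }

    /**
     * Writes the complete response to a preflight {@code OPTIONS} request.
     *
     * @param request preflight request
     * @param response response to fill and flush
     * @param origin already validated origin of the request
     * @throws IOException if the response writer cannot be obtained or flushed
     */
    private void answerPreflight(HttpServletRequest request, HttpServletResponse response,
            String origin) throws IOException {
        addOriginHeaders(response, origin);
        response.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");

        // NOTE(review): the requested method and headers are echoed as sent, so an allowlisted
        // origin may use any of them; replace with fixed lists if the application needs fewer.
        // Both request headers are optional, and a null header value must not be written.
        String requestedMethod = request.getHeader("Access-Control-Request-Method");
        if (requestedMethod != null) {
            response.addHeader("Access-Control-Allow-Methods", requestedMethod);
        }
        String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            response.addHeader("Access-Control-Allow-Headers", requestedHeaders);
        }

        response.setContentType("text/plain");
        response.setCharacterEncoding("utf-8");
        response.getWriter().flush();
    }

    /**
     * Adds the headers that grant a validated origin credentialed access to the response.
     *
     * @param response response to decorate
     * @param origin already validated origin of the request
     */
    private void addOriginHeaders(HttpServletResponse response, String origin) {
        response.addHeader("Access-Control-Allow-Origin", origin);
        response.addHeader("Access-Control-Allow-Credentials", "true");
        // The response depends on the Origin request header, so shared caches must key on it.
        response.addHeader("Vary", "Origin");
    }

    /**
     * Check that the page Origin header is allowed.
     *
     * @param origin value of the request's {@code Origin} header, never {@code null}
     * @return {@code true} only when the value exactly matches a configured origin
     */
    private boolean isAllowedRequestOrigin(String origin) {
        // Exact string comparison: no pattern or suffix matching that a look-alike host name
        // could satisfy.
        return allowedOrigins.contains(origin);
    }
}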