CORS problems

Hi,

I have some error with my CORS configuration:
I already follow this link : https://documentation.bonitasoft.com/bonita/7.10/enable-cors-in-tomcat-bundle.
In my web.xml ( in my bonita.war) i have added:
 


<!-- CORS filter -->
    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <param-value>*</param-value>
        </init-param>

        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
        </init-param>

      <!-- List of the response headers other than simple response headers that the browser should expose to
        the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method.
        The CORS filter supplies this information through the Access-Control-Expose-Headers header. -->
        <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token</param-value>
        </init-param>

      <!-- The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header.
        The CORS Filter implements this by simply echoing the requested value back to the browser.
      -->
        <init-param>
            <param-name>cors.allowed.headers</param-name>
            <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token</param-value>
        </init-param>
    </filter>


Just before the first filter.

I have restart my bundle, and try to access to Bonita through the code in the previous link.
This error occurred :

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

So i have replace the wildcard '*' with my origin adress : 

<init-param>
          <param-name>cors.allowed.origins</param-name>
          <param-value>http://myoriginAdress</param-value>
</init-param>

But, one other error occured:

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'http://myoriginAdress:8080' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

If someone can help me about that, that will be great :)

Regards,

Resolve.

For information, i have added those lines in CorsFilter:

<init-param>
            <param-name>cors.support.credentials</param-name>
            <param-value>true</param-value>
        </init-param>

Hi,

I've added those lines on my web.xml, but it didn't worked.

i still get that error:

Access to XMLHttpRequest at 'http://localhost:53100/bonita/logoutservice?redirect=false' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks.

 

Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me

Can you share the path for XML file where you are placing the CORS filter.
I hope you are adding the code in the correct directory inside the correct file.

Hello.
in this directory
C:\BonitaStudioCommunity-2022.1-u0\workspace\tomcat\server\webapps\bonita\WEB-INF\web.xml

and this is the complete code

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>Bonita</display-name>

    <!--  Error pages -->
    <error-page>
        <error-code>500</error-code>
        <location>/error/500</location>
    </error-page>
    <error-page>
        <error-code>403</error-code>
        <location>/error/403</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/error/404</location>
    </error-page>
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>

  </init-param>

  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>

  </init-param>

  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,HEAD,POST,PUT,DELETE,OPTIONS</param-value>

  </init-param>

  <!-- List of the response headers other than simple response headers that the browser should expose to
    the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method.
    The CORS filter supplies this information through the Access-Control-Expose-Headers header. -->
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token</param-value>
  </init-param>

  <!-- The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header.
    The CORS Filter implements this by simply echoing the requested value back to the browser.
  -->
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token</param-value>
  </init-param>

</filter>
...
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>


    <!-- No Cache Filter -->
    <filter>
        <filter-name>NoCacheFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.filter.NoCacheFilter</filter-class>
    </filter>
    
    <!-- Security Filters -->
    <filter>
        <filter-name>FrameSecurityFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.FrameSecurityFilter</filter-class>
        <init-param>
            <param-name>X-Frame-Options</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <!--
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?(portal/resource/.+/content/$)|(portal/custom-page/.+/$)</param-value>
        </init-param -->
    </filter>
    <filter>
        <filter-name>ContentTypeSecurityFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.ContentTypeSecurityFilter</filter-class>
        <init-param>
            <param-name>X-Content-Type-Options</param-name>
            <param-value>nosniff</param-value>
        </init-param>
        <!--
            The there is no default excludePattern for this filter, but you can uncomment it and add one if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value></param-value>
        </init-param -->
    </filter>
    
    <!--Rest filter -->
    <filter>
        <filter-name>RestAPIAuthorizationFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter</filter-class>
        <!--
            We need to let a set of URL accessible in order to serve the translations
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?((apps/.+/)|(portal/resource/.+/))?(API|APIToolkit)/system/(i18ntranslation|feature)</param-value>
        </init-param-->
    </filter>
    <filter>
        <filter-name>RestAPIAuthorizationFilterToolkit</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter</filter-class>
        <!--
            We need to let a set of URL accessible in order to serve the translations
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?((apps/.+/)|(portal/resource/.+/))?(API|APIToolkit)/system/(i18ntranslation|feature)</param-value>
        </init-param-->
    </filter>
    <!-- Token Filter -->
    <filter>
        <filter-name>TokenGeneratorFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.TokenGeneratorFilter</filter-class>
    </filter>
    <!-- Token Validator Filter -->
    <filter>
        <filter-name>TokenValidatorFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.TokenValidatorFilter</filter-class>
        <!--
            We need to let a set of URL accessible in order to handle the translations on the login page and token request
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?((apps/.+/)|(portal/resource/.+/))?(API|APIToolkit)/system/(i18ntranslation|feature|session)</param-value>
        </init-param-->
    </filter>
    <filter>
        <filter-name>AuthenticationFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.login.filter.AuthenticationFilter</filter-class>
        <!--
            The AuthenticationFilter check credentials when access is requested
            However, to ensure authentication redirect and/or error handling works properly,
            we need to let a set of pages not securized :
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?(login.jsp$)|(apps/.+/API/)|(portal/resource/.+/API/)</param-value>
        </init-param -->
        <init-param>
            <param-name>redirectWhenUnauthorized</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <!-- Cache Filter -->
    <filter>
        <filter-name>CacheFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.filter.CacheFilter</filter-class>
        <init-param>
            <param-name>duration</param-name>
            <param-value>36000</param-value>
        </init-param>
        <init-param>
            <param-name>alwaysCaching</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
            We need to let a set of URL not cached (the ones serving the HTML content) in order to handle the sessions timeout
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?(apps/.+/$)|(portal/resource/.+/content/$)|(portal/custom-page/.+/$)|(portal/custom-page/API/)</param-value>
        </init-param -->
    </filter>

    <filter>
        <filter-name>CustomPageCacheFilter</filter-name>
        <filter-class>org.bonitasoft.console.common.server.filter.CacheFilter</filter-class>
        <init-param>
            <param-name>duration</param-name>
            <param-value>15768000</param-value>
        </init-param>
        <init-param>
            <param-name>alwaysCaching</param-name>
            <param-value>false</param-value>
        </init-param>
        <!--
            We need to let a set of URL not cached (the ones serving the HTML content) in order to handle the sessions timeout
            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
        -->
        <!-- init-param>
            <param-name>excludePattern</param-name>
            <param-value>^/(bonita/)?(apps/.+/$)|(portal/resource/.+/content/$)|(portal/custom-page/.+/$)|(portal/custom-page/API/)</param-value>
        </init-param -->
    </filter>

    <filter>
        <filter-name>UrlRewriteFilter</filter-name>
        <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
        <init-param>
            <param-name>logLevel</param-name>
            <param-value>slf4j</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>NoCacheFilter</filter-name>
        <url-pattern>/portal/formsDocumentDownload</url-pattern>
        <url-pattern>/portal/formsDocumentImage</url-pattern>
        <url-pattern>/portal/downloadDocument</url-pattern>
        <url-pattern>/portal/documentDownload</url-pattern>
        <url-pattern>/portal/runreport</url-pattern>
        <url-pattern>/API/*</url-pattern>
        <url-pattern>/APIToolkit/*</url-pattern>
        <url-pattern>/portal/custom-page/API/*</url-pattern>
        <url-pattern>/portal.js/index.html</url-pattern>
        <!-- New manage on no cache Filter -->
        <url-pattern>/portal/exportOrganization</url-pattern>
        <url-pattern>/portal/pageDownload</url-pattern>
        <url-pattern>/portal/exportActors</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>FrameSecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>ContentTypeSecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>TokenValidatorFilter</filter-name>
        <url-pattern>/API/*</url-pattern>
        <url-pattern>/APIToolkit/*</url-pattern>
        <!--
            In the case of a custom page served in a custom profile calls to the
            REST API are done though /portal/custom-page/API
        -->
        <url-pattern>/portal/custom-page/API/*</url-pattern>
        <!--
            In the case of a form or in the case of a custom page served in a living application
            REST API are done though /portal/resource/*/API or /apps/*/API (layout)
        -->
        <url-pattern>/portal/resource/*</url-pattern>
        <url-pattern>/apps/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>AuthenticationFilter</filter-name>
        <url-pattern>/portal/*</url-pattern>
        <url-pattern>/portal.js/*</url-pattern>
        <url-pattern>/apps/*</url-pattern>
        <url-pattern>/services/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>RestAPIAuthorizationFilter</filter-name>
        <url-pattern>/API/*</url-pattern>
        <url-pattern>/APIToolkit/*</url-pattern>
        <!-- see TokenValidatorFilter comment -->
        <url-pattern>/portal/custom-page/API/*</url-pattern>
        <url-pattern>/portal/formsDocumentDownload</url-pattern>
        <url-pattern>/portal/documentDownload</url-pattern>
        <url-pattern>/portal/downloadDocument</url-pattern>
        <url-pattern>/portal/pageDownload</url-pattern>
        <url-pattern>/services/*</url-pattern>
        <url-pattern>/portal/exportOrganization</url-pattern>
        <!--  Add more servlet mappings here -->
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>RestAPIAuthorizationFilterToolkit</filter-name>
        <url-pattern>/APIToolkit/*</url-pattern>
        <!-- No need to handle the forward as requests forwarded to this URL are already filtered by RestAPIAuthorizationFilter -->
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>TokenGeneratorFilter</filter-name>
        <url-pattern>/API/system/session/*</url-pattern>
        <url-pattern>/APIToolkit/system/session/*</url-pattern>
        <!-- see TokenValidatorFilter comment -->
        <url-pattern>/portal/custom-page/API/system/session/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <!-- Cache Filter Mapping Start -->
    <filter-mapping>
        <filter-name>CacheFilter</filter-name>
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/portal/pageResource</url-pattern>
        <url-pattern>/platformloginservice</url-pattern>
        <url-pattern>/platformlogoutservice</url-pattern>
        <url-pattern>/API/system/i18ntranslation</url-pattern>
        <url-pattern>/API/avatars/*</url-pattern>
        <url-pattern>/API/applicationIcon/*</url-pattern>
        <!-- War -->
        <url-pattern>/css</url-pattern>
        <url-pattern>/images</url-pattern>
        <url-pattern>/portal-theme</url-pattern>
        <url-pattern>/portal.js/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CustomPageCacheFilter</filter-name>
        <url-pattern>/portal/resource/*</url-pattern>
        <url-pattern>/portal/resource/app/*</url-pattern>
        <url-pattern>/apps/*</url-pattern>
        <url-pattern>/portal/custom-page/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

    <!-- Cache Filter Mapping End -->
    <!--  Filter for Toolkit API URLs -->
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <!-- End Filter for restlet URLs -->

    <!-- Shutdown properly ehcache on tomcat shutdown -->
    <listener>
        <listener-class>net.sf.ehcache.constructs.web.ShutdownListener</listener-class>
    </listener>
    <!-- Platform and tenant listeners -->
    <!-- For Apps containing the engine server -->
    <listener>
        <listener-class>org.bonitasoft.engine.api.internal.servlet.EngineInitializerListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.bonitasoft.console.common.server.servlet.PlatformTenantListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>errorPageServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.ErrorPageServlet</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>BonitaRestAPIServlet</servlet-name>
        <servlet-class>org.bonitasoft.web.rest.server.BonitaRestAPIServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>RestletServlet</servlet-name>
        <servlet-class>org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet</servlet-class>
    </servlet>
    <!-- Restlet servlet needs its own declaration for each URL pattern otherwise, only the first pattern works -->
    <servlet>
        <servlet-name>CustomPageRestletServlet</servlet-name>
        <servlet-class>org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>ConsoleServiceServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.server.ConsoleServiceServlet</servlet-class>
    </servlet>
    <!-- Portal file upload servlets -->
    <servlet>
        <servlet-name>fileUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>formFileUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>ContentType</param-name>
            <param-value>json</param-value>
        </init-param>
        <init-param>
            <param-name>ReturnOriginalFilename</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>CheckUploadedFileSize</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>processUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>bar</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>apiProcessUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>bar</param-value>
        </init-param>
        <init-param>
            <param-name>ReturnOriginalFilename</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>ContentType</param-name>
            <param-value>json</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>xmlUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>xml</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>imageUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>png,jpg,gif,jpeg,bmp,wbmp,tga</param-value>
        </init-param>
        <init-param>
            <param-name>CheckUploadedImageSize</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>apiImageUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>png,jpg,gif,jpeg,bmp,wbmp,tga</param-value>
        </init-param>
        <init-param>
            <param-name>ContentType</param-name>
            <param-value>json</param-value>
        </init-param>
        <init-param>
            <param-name>ReturnOriginalFilename</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>CheckUploadedImageSize</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>

    <servlet>
        <servlet-name>organizationIconServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.OrganizationIconServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>applicationIconServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.ApplicationIconServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>loginService</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.login.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>logoutService</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.login.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>platformLoginService</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.login.servlet.PlatformLoginServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>platformLogoutService</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.login.servlet.PlatformLogoutServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>exportOrganizationServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.server.servlet.OrganizationExportServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>exportApplicationsServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.server.servlet.ApplicationsExportServlet</servlet-class>
    </servlet>

    <!-- download -->
    <servlet>
        <servlet-name>deprecatedDocumentDownloadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>documentDownload</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>formsDocumentDownload</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>formsDocumentImage</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.DocumentImageServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>exportOrganizationServlet</servlet-name>
        <url-pattern>/portal/exportOrganization</url-pattern>
        <url-pattern>/portal/custom-page/API/exportOrganization</url-pattern>
        <url-pattern>/API/exportOrganization</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>exportApplicationsServlet</servlet-name>
        <url-pattern>/portal/exportApplications</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>exportProcessActorsServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.server.servlet.ProcessActorsExportServlet</servlet-class>
    </servlet>
    <!-- Pages -->
    <servlet>
        <servlet-name>CustomPageServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.page.CustomPageServlet</servlet-class>
    </servlet>
    <!--This pageResource servlet is deprecated.
        You can now access your resources through their relative URL.
        see the custom page documentation.-->
    <servlet>
        <servlet-name>pageResource</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.page.PageResourceServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>pageDownload</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.page.PageDownloadServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>pageUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.PageUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>zip</param-value>
        </init-param>
        <init-param>
            <param-name>ReturnOriginalFilename</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>apiPageUploadServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.servlet.PageUploadServlet</servlet-class>
        <init-param>
            <param-name>SupportedExtensions</param-name>
            <param-value>zip</param-value>
        </init-param>
        <init-param>
            <param-name>ContentType</param-name>
            <param-value>json</param-value>
        </init-param>
        <init-param>
            <param-name>ReturnOriginalFilename</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <!-- End Pages -->
    <!-- Forms -->
    <servlet>
        <servlet-name>ProcessFormServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.form.ProcessFormServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>livingApplicationServlet</servlet-name>
        <servlet-class>org.bonitasoft.livingapps.LivingApplicationServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>livingApplicationPageServlet</servlet-name>
        <servlet-class>org.bonitasoft.livingapps.LivingApplicationPageServlet</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>PageServlet</servlet-name>
        <servlet-class>org.bonitasoft.console.common.server.page.PageServlet</servlet-class>
    </servlet>
    <!-- For engine HTTP API -->
    <servlet>
        <servlet-name>HttpAPIServlet</servlet-name>
        <servlet-class>org.bonitasoft.engine.api.internal.servlet.HttpAPIServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>errorPageServlet</servlet-name>
        <url-pattern>/error/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>livingApplicationServlet</servlet-name>
        <url-pattern>/apps/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>livingApplicationPageServlet</servlet-name>
        <url-pattern>/portal/resource/app/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>processUploadServlet</servlet-name>
        <url-pattern>/portal/processUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>apiProcessUploadServlet</servlet-name>
        <url-pattern>/API/processUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>xmlUploadServlet</servlet-name>
        <url-pattern>/portal/organizationUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>xmlUploadServlet</servlet-name>
        <url-pattern>/portal/applicationsUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>xmlUploadServlet</servlet-name>
        <url-pattern>/portal/actorsUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>imageUploadServlet</servlet-name>
        <url-pattern>/portal/imageUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>apiImageUploadServlet</servlet-name>
        <url-pattern>/API/imageUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>fileUploadServlet</servlet-name>
        <url-pattern>/portal/fileUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>formFileUploadServlet</servlet-name>
        <url-pattern>/API/formFileUpload</url-pattern>
        <url-pattern>/portal/custom-page/API/formFileUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>exportProcessActorsServlet</servlet-name>
        <url-pattern>/portal/exportActors</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>organizationIconServlet</servlet-name>
        <url-pattern>/API/avatars/*</url-pattern>
        <url-pattern>/portal/custom-page/API/avatars/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>applicationIconServlet</servlet-name>
        <url-pattern>/API/applicationIcon/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>deprecatedDocumentDownloadServlet</servlet-name>
        <url-pattern>/portal/downloadDocument</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>documentDownload</servlet-name>
        <url-pattern>/portal/documentDownload</url-pattern>
        <url-pattern>/API/documentDownload</url-pattern>
        <url-pattern>/portal/custom-page/API/documentDownload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>formsDocumentDownload</servlet-name>
        <url-pattern>/portal/formsDocumentDownload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>formsDocumentImage</servlet-name>
        <url-pattern>/portal/formsDocumentImage</url-pattern>
        <url-pattern>/API/formsDocumentImage</url-pattern>
        <url-pattern>/portal/custom-page/API/formsDocumentImage</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>loginService</servlet-name>
        <url-pattern>/loginservice</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>logoutService</servlet-name>
        <url-pattern>/logoutservice</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>platformLoginService</servlet-name>
        <url-pattern>/platformloginservice</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>platformLogoutService</servlet-name>
        <url-pattern>/platformlogoutservice</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>RestletServlet</servlet-name>
        <url-pattern>/API/*</url-pattern>
    </servlet-mapping>
    <!-- Restlet servlet needs its own declaration for each URL pattern otherwise, only the first pattern works -->
    <servlet-mapping>
        <servlet-name>CustomPageRestletServlet</servlet-name>
        <url-pattern>/portal/custom-page/API/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>BonitaRestAPIServlet</servlet-name>
        <url-pattern>/APIToolkit/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>ConsoleServiceServlet</servlet-name>
        <url-pattern>/services/*</url-pattern>
        <url-pattern>/API/services/*</url-pattern>
        <url-pattern>/portal/custom-page/API/services/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>CustomPageServlet</servlet-name>
        <url-pattern>/portal/custom-page/*</url-pattern>
    </servlet-mapping>
    <!--This pageResource servlet is deprecated.
        You can now access your resources through their relative URL.
        see the custom page documentation.-->
    <servlet-mapping>
        <servlet-name>pageResource</servlet-name>
        <url-pattern>/portal/pageResource</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>pageDownload</servlet-name>
        <url-pattern>/portal/pageDownload</url-pattern>
        <url-pattern>/API/pageDownload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>pageUploadServlet</servlet-name>
        <url-pattern>/portal/pageUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>apiPageUploadServlet</servlet-name>
        <url-pattern>/API/pageUpload</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>ProcessFormServlet</servlet-name>
        <url-pattern>/portal/form/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>PageServlet</servlet-name>
        <url-pattern>/portal/resource/*</url-pattern>
    </servlet-mapping>
    <!-- For engine HTTP API -->
    <servlet-mapping>
        <servlet-name>HttpAPIServlet</servlet-name>
        <url-pattern>/serverAPI/*</url-pattern>
    </servlet-mapping>

    <!-- Container Resources -->
    <resource-ref>
        <res-ref-name>java:comp/env/RawBonitaDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref>
        <res-ref-name>java:comp/env/bonitaDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref>
        <res-ref-name>java:comp/env/bonitaSequenceManagerDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref>
        <res-ref-name>java:comp/env/RawBusinessDataDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref>
        <res-ref-name>java:comp/env/BusinessDataDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref>
        <res-ref-name>java:comp/env/NotManagedBizDataDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>

    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>bonita-http-api-url</web-resource-name>
            <url-pattern>/serverAPI/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>bonita-http-api</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Restricted access</realm-name>
    </login-config>

    <security-role>
        <role-name>bonita-http-api</role-name>
    </security-role>
    
</web-app>


 

 I have forget the 'space' between credential and true

cors.support.credentials true

I added this to my web.xml in the filter tag of the cors:

<init-param>
                <param-name>cors.support.credentials</param-name>
                <param-value>true</param-value>
</init-param>

The rest of the cors filter is the same as the bonita documentation

Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me

Hello Dibyajit.Roy.
Do you use the free version of Bonita Studio or is it a paid version?
On the other hand, if I use the line
   <init-param>
     <param-name>cors.allowed.origins</param-name>
     <param-value>*</param-value>
   </init-param>
the Bonita studio api not running

If I use the line of code
   <init-param>
     <param-name>cors.allowed.origins</param-name>
     <param-value>http://localhost:443</param-value>
   </init-param>
browser console writes

Access to XMLHttpRequest at 'http://localhost:8080/bonita/loginservice?username=walter.bates&password=bpm&redirect=false' from origin 'http://localhost:443' has been blocked by CORS policy: Response to preflight request doesn 't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
any solution for this?

Hello
I have used both Community and Subscription version.
I have been able to work with both types of bonita + Angular

I have used cors.allowed.origins '*'   and it works fine.