Shay Shmeltzer's Oracle Development Tools Tips

Enabling CORS for ADF Business Component REST Services

Shay Shmeltzer
Director of Product Management - Oracle

CORS (which stands for Cross-Origin Resource Sharing) is a setting that will enable your REST services running on one server to be invoked from applications running on another server.

I first encountered this when I was trying to run an Oracle JET project in my NetBeans IDE that will access a set of REST services I exposed using Oracle ADF Business Component in my JDeveloper environment. Since NetBeans runs the HTML on a GlassFish instance, while JDeveloper ran the ADF BC layer on a WebLogic instance I got the dreaded No 'Access-Control-Allow-Origin' header is present error:

 XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8383' is therefore not allowed access.

There is no built-in functionality to enable CORS for ADF BC in JDeveloper, but I found it very easy to leverage the CORS Filter libraries to do this. All you need to do is add the two JAR files it provides to your project and configure the web.xml to support the filter and the specific REST operations you want to enable CORS for.

Here is a quick video showing you the complete setup (using the REST ADF BC project created here).

The web.xml addition is:

                <param-value>GET, POST, HEAD, PUT, PATCH, DELETE</param-value>

If you follow my approach in the video and add the JARs as a new user library to JDeveloper and don't forget to check the "Deploy by Default" check box for the library.

Join the discussion

Comments ( 4 )
  • guest Tuesday, December 1, 2015

    Thanks Shay for this piece. It works perfectly. You saved me some stress. Thumbs up.

  • guest Wednesday, May 11, 2016

    after the rest service has been secured by JpsFilter and OWSMSecurityFilter, this CORS filter stops working. Any advice?

  • Tanveer Friday, July 29, 2016

    I am still getting below error while I try to make call to ODCS REST API

    Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.

  • Pani Thursday, July 2, 2020
    I am still getting the CORS Policy error after enabling the ADF security ( Basic Authentication / Authorization)

    Please advise
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.