I got this problem while trying to access REST web service using GWT client. I inspect the chrome page then i got the following error from console

XMLHttpRequest cannot load http://localhost:8080/RestWeb/webresources/generic/get. Origin http://127.0.0.1:8888 is not allowed by Access-Control-Allow-Origin.

Following is my client side code

public void onModuleLoad() {

    RequestBuilder builder = new RequestBuilder(RequestBuilder.GET,
            "http://localhost:8080/RestWeb/webresources/generic/get");

    builder.setCallback(new RequestCallback() {

        @Override
        public void onResponseReceived(Request request, Response response) {

            Window.alert("onResponseReceived");

        }

        @Override
        public void onError(Request request, Throwable exception) {

        }
    });
    builder.setHeader("Content-Type",
            "text/plain,application/json,text/xml");

    builder.setHeader("Access-Control-Allow-Methods",
            "PUT, GET, POST, DELETE, OPTIONS");
    builder.setHeader("Access-Control-Allow-Headers", "Content-Type");
    builder.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1:8888");
try {
            builder.send();
        } catch (RequestException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}

My server side code is :

@Path("generic")
@WebService
public class GenericResource {

@Context
private UriInfo context;
@Context
private HttpServletResponse response;
private String content = "content";

/**
 * Creates a new instance of GenericResource
 */
public GenericResource() {
}

@GET

@Path("/get")
@Produces("application/json,text/plain")
public String getXml() {
    System.out.println("GET");
    //response.addHeader(content, content);

    return this.content + " from get method";

}
}

I tried in different ways to get answer. Please help me.

You need to change your server code to support CORS.

One option is a filter:

public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
            // CORS "pre-flight" request
            response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.addHeader("Access-Control-Allow-Headers", "Content-Type");
            response.addHeader("Access-Control-Max-Age", "1800");//30 min
        }
        filterChain.doFilter(request, response);
    }
}

The web.xml needs adding the following too:

  <filter>
    <filter-name>cors</filter-name>
    <filter-class>com.xxx.CorsFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>cors</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Since it's an old question, if one is facing similar issues today - he or she may want to consider using a nice "CORS Filter" that handles all CORS stuff for you in a completely transparent way. Here's the link