I have two webapps. One that is serving content to the other over XHR/REST calls. One is in Tomcat 7 (with CSRF protection), and the other is in Spring's tcServer 6 (Tomcat 6.x). The servers and webapps are setup as such:
- Tomcat 7 with CSRF on port 8081; webapp communicates with other apps via REST
- Tomcat 6 on port 8080; webapp calls other apps via XHR/AJAX
The problem that I am having is that the second webapp requests data from the first via XHR/AJAX with a REST URL, but the Tomcat 7 server that the first webapp runs in is identifying the request as CSRF.
How do I enable REST communication for other sites for my webapp in Tomcat 7?