I am working on a webapp that logs into Tomcat A for its initial call. The JSP file that gets returned needs to get periodic updates from Tomcat B and Tomcat C by using Dojo ajax calls. Luckily the project requires require support for only Firefox 8+, which means that the Access-Control-Allow-Origin header should be enough to fix this problem. I was looking at the CORS Filter. It looks like it could solve the problem, but the security team is too backed up that they wouldn't have time to vet it until long after the delivery date.
Is there some way to configure Tomcat to enable CORS? I saw some mention of a crossdomain.xml file in some Flex discussions but have not found any documentation on how to use it. Is the only option available to create a Servlet Filter that mirrors the CORS Filter or does anyone know of some alternatives?