You can set CORS filter on your web.xml or on your tomcat’s web.xml, like this.
CorsFilter org.apache.catalina.filters.CorsFilter CorsFilter /*
1. Your system gets insecure because of this, especially on PROD site where you don’t want someone to invoke your RESTFul services with swagger ui.
The best practice is to :
Don’t setup CORS but set up swagger ui static site with the same origin with your RESTFul services, on your local machine, test server, but not on PROD server.
1. The PROD will be safe.
2. Both the domain name and port should be the same with your RESTFul services.
3. You can easily set this up with apache httpd.