Hi all,
First of all, i've the 11.7 version of the PDSOE, so i'm using the PAS for OpenEdge Server...
I'm developing an Angular application and trying to connect it to a REST service published on Progress Application Server, I receive response doing the call with postman, but when i do the call from the brower, it sends me the next message:
Failed to load http://<server>:<port>/<app>/rest/<appService>/<Service>: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://<angular_app>:<port>' is therefore not allowed access.
I understand that i've to modificate the oablSecurity.properties, so, the question is:
Which parameters need to be activated/updated?
Kind Regards
First of all, make sure that you add the credentials from Angular:
stackoverflow.com/.../angular-2-http-withcredentials
second, read the site: https://enable-cors.org/ to understand why you get a preflight request.
last: search for the conf/oeablSecurity.properties file and the CORS section:
OECORSFilter.allowAll=true
OECORSFilter.responseHeaders=Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,X-CLIENT-CONTEXT-ID
OECORSFilter.allowDomains=
OECORSFilter.allowSubdomains=false
OECORSFilter.allowMethods=GET,POST,PUT,DELETE,OPTIONS,PATCH
OECORSFilter.messageHeaders=Accept,Accept-Language,Content-Language,Content-Type,X-CLIENT-CONTEXT-ID,Origin,Access-Control-Request-Headers,Access-Control-Request-Method,Pragma,Cache-control,Authorization,hoppa
OECORSFilter.supportCredentials=true
OECORSFilter.maxAge=-1
Make sure that for the time being OECORSFilter.allowAll=true
I agree with bronco. Get familiar with the links provided in bronco's post for background on how things work with CORS.
The response message you are receiving is actually telling you exactly what header the browser is looking for in the OPTIONS call and not seeing. Add 'Access-Control-Allow-Origin' to the OECORSFilter.messageHeaders entry in oeablSecurity.properties, and restart the web app. After doing that you may see the response message change to another header the browser is expecting (say 'X-Requested-With'), and need to also add that.
Hi bronco,
I read the posts and modified my oeablSecurity but it stills not working....
I deactivated the cors in the browser and it works :/, analizing the responses that I got, I realized that in PASOE v11.7 the response header is incomplete...
Response Header 11.7
HTTP/1.1 200
Content-Length: 0
Date: Tue, 24 Jul 2018 20:46:17 GMT
while in the version 11.6 it is complete
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: <http_origin>
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: PUT, GET, OPTIONS, DELETE, PATCH, POST
Access-Control-Allow-Headers: Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma
Content-Length: 0
Date: Tue, 24 Jul 2018 20:46:33 GMT
My oeablSecurity.properties in the conf/ directory of my PASOE instance is configured like this
OECORSFilter.allowAll=true
OECORSFilter.responseHeaders=Access-Control-Allow-Origin,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,X-CLIENT-CONTEXT-ID
OECORSFilter.allowDomains=
OECORSFilter.allowSubdomains=false
OECORSFilter.allowMethods=GET,POST,PUT,DELETE,OPTIONS,PATCH
OECORSFilter.messageHeaders=Accept,Accept-Language,Content-Language,Content-Type,X-CLIENT-CONTEXT-ID,Origin,Access-Control-Request-Headers,Access-Control-Request-Method,Pragma,Cache-control,Authorization
OECORSFilter.supportCredentials=true
OECORSFilter.maxAge=-1
Do you have an idea of what I'm doing wrong?
Thanks for your help,
Have you tried adding the header the browser is complaining about to your messageHeaders entry and restarting the web app?