External JSDO service and cross-domain origin

Posted by abs-cfr on 24-Jun-2014 01:00

Hi all.

We are experimenting with the Rollbase cloud version but do have the JSDO service on our own server. Because of the cross-domain service calls Firefox and IE11 do block the xhr request. Chrome does only warn...

I did find this article (http://docs.mobile.rollbase.com/documentation/cross-domain-service-calls/) describing the problem. But I couldn't figure out how to configure or use the Rollbase proxy which is to my understanding the solution for this problem.


Help is appreciated.

Regards

Oliver

All Replies

Posted by Godfrey Sorita on 24-Jun-2014 01:42

Hi Oliver,

I had encountered a similar issue in Rollbase before. The module I was working on is trying to receive a JSON response from Rollbase but it got blocked due to cross-domain restrictions. Though, I wasn't able to make it work in the public cloud because the headers were not allowed to be modified back then.

Can you provide some more information related to your issue? I might be able to help more if you provide me the following information:
1. Is your application hosted in a private or a public cloud?
2. Are you sending the request from a mobile device?
3. Are you sending the request URL with HTTP or HTTPS?

To progress this issue a bit faster, would you kindly send me a console log from your browser? I will be sending you an email to which you can reply so that this confidential information remains secure.


Regards,
Godfrey

Posted by abs-cfr on 24-Jun-2014 02:01

Hi Godfrey.

Thank you for your help.

1. The application is hosted in the public cloud. I think it's not possible to use the Mobile App Builder in the private cloud.

2. No, I'm testing it in the web browser on my PC.

3. I already tried to switch from http to https but that only changed the error message... :-)

Firefox is logging "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource " when trying to access the JSDO (pdsession.login(settings.serviceURI, "", "");).

Regards

Oliver

Posted by abs-cfr on 25-Jun-2014 01:37

Okay, I recognized that it is possible to use the Rollbase proxy for REST and Database service but not for JSDO service. Is there a reason for this?

Meanwhile I tried to get this CORS "feature" working but I can't. The Tomcat integrated in the OpenEdge package seems to be CORS enabled because I can see the needed headers in the response. But it also doesn't work in IE11 and Firefox. Debugging is not possible because I can't use Wireshark because the connection needs SSL encryption otherwise it is blocked because of mixed content. And the browsers don't show the headers of the blocked requests.

Regards

Oliver

Posted by egarcia on 27-Jun-2014 11:48

Hello,

For CORS to work, the server needs to return the Access-Control-Allow-Origin header that the web browser can use to validate the access.

I have not tried this out, however, Tomcat includes support for CORS:

   enable-cors.org/server_tomcat.html

The CorsFilter class in Tomcat allows you to specify a URL pattern so that the CORS response headers are returned.

Have you tried this?

If you are not able to configure CORS for the REST API, you could contact Technical Support so that they can log a request to add the support for the CORS headers to the REST API.

I hope this helps.

Posted by abs-cfr on 30-Jun-2014 03:12

Hi and thanks for your answer.

Here is a request with its response. For me this looks good. But it's only working in Chrome and not in IE11 and Firefox... (For the example I didn't use the SSL version. So I get the mixed content warning)

Request:

    Request URL:http://myip/RollbaseAdapter/static/home.html
    Request Method:OPTIONS
    Status Code:200 OK

    Request Headers
    Accept:*/*
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
    Access-Control-Request-Headers:pragma, cache-control
    Access-Control-Request-Method:GET
    Cache-Control:max-age=0
    Connection:keep-alive
    Host:myip
    Origin:https://mobile.rollbase.com
    User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Response:

    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Headers:Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma
    Access-Control-Allow-Methods:OPTIONS, GET, POST, PUT, DELETE
    Access-Control-Allow-Origin:https://mobile.rollbase.com
    Content-Length:0
    Date:Mon, 30 Jun 2014 08:05:09 GMT
    Server:Apache-Coyote/1.1

Regards

Oliver
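
Added example, not part of any post in this thread: a small checker that applies the browser's CORS preflight rules (per the Fetch standard) to the request/response pair captured above. The function name `checkPreflight`, the `credentialed` flag (whether the JSDO call sends credentials is an assumption) and the wildcard counter-example are constructed for illustration.

```javascript
// Added example: evaluate a CORS preflight response against the rules a
// browser applies before it sends the actual cross-origin request.
const lower = (obj) =>
  Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), v]));
const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

function checkPreflight(request, response, status, credentialed) {
  const req = lower(request), res = lower(response), problems = [];
  if (status < 200 || status > 299) problems.push(`preflight status ${status} is not 2xx`);

  const origin = req["origin"], allowOrigin = res["access-control-allow-origin"];
  if (allowOrigin === "*" && credentialed)
    problems.push("wildcard Allow-Origin is rejected for credentialed requests");
  else if (allowOrigin !== "*" && allowOrigin !== origin)
    problems.push(`Allow-Origin ${allowOrigin} does not equal Origin ${origin}`);

  if (credentialed && res["access-control-allow-credentials"] !== "true")
    problems.push("Allow-Credentials must be exactly 'true'");

  const method = req["access-control-request-method"];
  const methods = list(res["access-control-allow-methods"]);
  const safelisted = ["GET", "HEAD", "POST"].includes(method);
  const wildcardMethods = !credentialed && methods.includes("*");
  if (!safelisted && !methods.includes(method) && !wildcardMethods)
    problems.push(`method ${method} not in Allow-Methods`);

  // Header names compare case-insensitively ("pragma" matches "Pragma").
  const allowed = list(res["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of list(req["access-control-request-headers"])) {
    const ok = allowed.includes(name.toLowerCase()) || (!credentialed && allowed.includes("*"));
    if (!ok) problems.push(`request header ${name} not in Allow-Headers`);
  }
  return problems;
}

// Headers copied from the capture posted in the thread.
const postedRequest = {
  "Origin": "https://mobile.rollbase.com",
  "Access-Control-Request-Method": "GET",
  "Access-Control-Request-Headers": "pragma, cache-control",
};
const postedResponse = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma",
  "Access-Control-Allow-Methods": "OPTIONS, GET, POST, PUT, DELETE",
  "Access-Control-Allow-Origin": "https://mobile.rollbase.com",
};
// Constructed counter-example: the same response with a wildcard origin.
const wildcardResponse = { ...postedResponse, "Access-Control-Allow-Origin": "*" };
```

Calling `checkPreflight(postedRequest, postedResponse, 200, true)` returns an empty list, while the wildcard variant is rejected when credentials are in play. The browser applies the same Access-Control-Allow-Origin and Access-Control-Allow-Credentials checks again to the response of the actual GET, so that response has to be captured and checked as well.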
