Question
Simon Bijl · Jan 12, 2021

How to post to Cache Rest-service as https

Hello to all,
 

I created a form in React and submitted the data to a cache-Rest service.
On the local netwok it works just fine.

But when i deploy it on our webserver in order to acces it from the outside it won't work anymore beacuse the external address is a https address, and the call to the cache webserver is based on http.(http://srvdb23:57772/restacc/newOrder)

Resulting in the following error: Referrer Policy: strict-origin-when-cross-origin ( Chrome) 

How should i resolve this? How can I make this rest-service accessible for https?

Best regards,

Simon

 

 

Product version: 
Caché 2017.1
10
2 0 10 92

Replies

Hmm, i've visited your links but still I don't know what to do, my knowledge on this area is very limited.
As for your reply about not using cache's own webserver: I can't change that situation now. But csp (and weblink)have been installed on the iis-webserver and througt that server the cache's database server is being apporached.Apart from this rest-call. So maybe the problem is that I use a rest-url straight to the cache-server in stead of using the webserver? Best regards, Simon

If the CSPGateway is configured properly you should certainly be able to make a REST request to the webserver rather than needing to use the private webserver port. Reading this again I think the issue isn't the header you saw but actually is mixed content - see e.g. https://www.howtogeek.com/443032/what-is-mixed-content-and-why-is-chrome...

In the browser developer tools this will show up as:

So you really need to make the request via https - which is what you said in the first place, of course! And the best way to do that will be via your IIS webserver, which might already be configured correctly, and (if it's not) can be configured using the instructions I linked to above.

True: mixed-content.

So I'll just hade to find out how to redirect an url to CSP when not using .cls in the url.

Removed post. (Made stupid mistake.) Thanks Timothy!

Hi Simon!

Also when you refer to a HTTPS service you need to have SSL configuration in IRIS.

You can set up it manually or programmatically or just install zpm modulle:

USER>zpm "install ssl-client" 

that will setup a "default" SSL configuration which you could use then in the requests to HTTPS resources.

And yes, for this you would need a ZPM client installed.

@Evgeny Shvarov I think in this context it's a request from the browser, not from the server (e.g., using %Net.HttpRequest)

Yes indeed.