How to post to Cache Rest-service as https
Hello to all,
I created a form in React and submitted the data to a cache-Rest service.
On the local netwok it works just fine.
But when i deploy it on our webserver in order to acces it from the outside it won't work anymore beacuse the external address is a https address, and the call to the cache webserver is based on http.(http://srvdb23:57772/restacc/newOrder)
Resulting in the following error: Referrer Policy: strict-origin-when-cross-origin ( Chrome)
How should i resolve this? How can I make this rest-service accessible for https?
Best regards,
Simon
Product version: Caché 2017.1
First off, you should strongly consider using a production webserver, not the built-in one. On configuring the CSPGateway for this, see https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY...
You might also need to investigate CORS settings - https://docs.intersystems.com/latest/csp/docbook/Doc.View.cls?KEY=GREST_... is helpful reading on this.
Also see https://developers.google.com/web/updates/2020/07/referrer-policy-new-ch... for details on the Chrome behavior. CORS actually isn't relevant here it seems - looks like you need to use https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Hmm, i've visited your links but still I don't know what to do, my knowledge on this area is very limited.
As for your reply about not using cache's own webserver: I can't change that situation now. But csp (and weblink)have been installed on the iis-webserver and througt that server the cache's database server is being apporached.Apart from this rest-call. So maybe the problem is that I use a rest-url straight to the cache-server in stead of using the webserver? Best regards, Simon
If the CSPGateway is configured properly you should certainly be able to make a REST request to the webserver rather than needing to use the private webserver port. Reading this again I think the issue isn't the header you saw but actually is mixed content - see e.g. https://www.howtogeek.com/443032/what-is-mixed-content-and-why-is-chrome...
In the browser developer tools this will show up as:
So you really need to make the request via https - which is what you said in the first place, of course! And the best way to do that will be via your IIS webserver, which might already be configured correctly, and (if it's not) can be configured using the instructions I linked to above.
True: mixed-content.
So I'll just hade to find out how to redirect an url to CSP when not using .cls in the url.
For IIS, see https://docs.intersystems.com/latest/csp/docbook/Doc.View.cls?KEY=GCGI_w... - you need to set up a wildcard entry for the REST application's path.
Removed post. (Made stupid mistake.) Thanks Timothy!
Hi Simon!
Also when you refer to a HTTPS service you need to have SSL configuration in IRIS.
You can set up it manually or programmatically or just install zpm modulle:
that will setup a "default" SSL configuration which you could use then in the requests to HTTPS resources.
And yes, for this you would need a ZPM client installed.
@Evgeny Shvarov I think in this context it's a request from the browser, not from the server (e.g., using %Net.HttpRequest)
Yes indeed.
Social networks
InterSystems resources
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue