How to post to Cache Rest-service as https

Question

Question

Simon Bijl · Jan 12, 2021

Hello to all,

I created a form in React and submitted the data to a cache-Rest service.
On the local netwok it works just fine.

But when i deploy it on our webserver in order to acces it from the outside it won't work anymore beacuse the external address is a https address, and the call to the cache webserver is based on http.(http://srvdb23:57772/restacc/newOrder)

Resulting in the following error: Referrer Policy: strict-origin-when-cross-origin ( Chrome)

How should i resolve this? How can I make this rest-service accessible for https?

Best regards,

Simon

Product version: Caché 2017.1

Discussion (10)1

Log in or sign up to continue

Timothy Leavitt · Jan 12, 2021

First off, you should strongly consider using a production webserver, not the built-in one. On configuring the CSPGateway for this, see https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY...

You might also need to investigate CORS settings - https://docs.intersystems.com/latest/csp/docbook/Doc.View.cls?KEY=GREST_... is helpful reading on this.

0 0

Timothy Leavitt · Jan 13, 2021

If the CSPGateway is configured properly you should certainly be able to make a REST request to the webserver rather than needing to use the private webserver port. Reading this again I think the issue isn't the header you saw but actually is mixed content - see e.g. https://www.howtogeek.com/443032/what-is-mixed-content-and-why-is-chrome...

In the browser developer tools this will show up as:

So you really need to make the request via https - which is what you said in the first place, of course! And the best way to do that will be via your IIS webserver, which might already be configured correctly, and (if it's not) can be configured using the instructions I linked to above.

0 0

Timothy Leavitt · Jan 13, 2021

For IIS, see https://docs.intersystems.com/latest/csp/docbook/Doc.View.cls?KEY=GCGI_w... - you need to set up a wildcard entry for the REST application's path.

0 0

Evgeny Shvarov · Jan 13, 2021

Hi Simon!

Also when you refer to a HTTPS service you need to have SSL configuration in IRIS.

You can set up it manually or programmatically or just install zpm modulle:

USER>zpm "install ssl-client"

that will setup a "default" SSL configuration which you could use then in the requests to HTTPS resources.

And yes, for this you would need a ZPM client installed.

0 0

Timothy Leavitt · Jan 13, 2021

@Evgeny Shvarov I think in this context it's a request from the browser, not from the server (e.g., using %Net.HttpRequest)

0 0

score 0 · Answer 1 · 2021-01-12T08:54:45-05:00

Also see https://developers.google.com/web/updates/2020/07/referrer-policy-new-ch... for details on the Chrome behavior. CORS actually isn't relevant here it seems - looks like you need to use https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

score 0 · Answer 2 · 2021-01-13T05:18:51-05:00

Hmm, i've visited your links but still I don't know what to do, my knowledge on this area is very limited.
As for your reply about not using cache's own webserver: I can't change that situation now. But csp (and weblink)have been installed on the iis-webserver and througt that server the cache's database server is being apporached.Apart from this rest-call. So maybe the problem is that I use a rest-url straight to the cache-server in stead of using the webserver? Best regards, Simon

score 0 · Answer 3 · 2021-01-13T09:56:04-05:00

True: mixed-content.

So I'll just hade to find out how to redirect an url to CSP when not using .cls in the url.

score 0 · Answer 4 · 2021-01-14T05:30:35-05:00

Simon Bijl · Jan 14, 2021

Removed post. (Made stupid mistake.) Thanks Timothy!

0 0

score 0 · Answer 5 · 2021-01-13T09:54:12-05:00

Simon Bijl · Jan 13, 2021

Yes indeed.

0 0