No 'Access-Control-Allow-Origin' header issue with Cors

Hi guys,

    I'm trying to develop a  program calling Cache REST service twice with Cors. My Cache version is 20181.1.312.

    The REST service was implemented as below:

Class src.Rest.Map Extends (%RegisteredObject, %XML.Adaptor, %CSP.REST)
{
Parameter HandleCorsRequest = 1;


XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
    <Routes>
    <Route Url="/sysString/:input" Method="GET" Call="getStringParams"/>
    <Route Url="/sysMutiple" Method="POST" Call="postMutipleParams" />
    </Routes>
}

ClassMethod getStringParams(input As %String = "") As %Status
{
    #Dim e as %Exception.AbstractException
    #Dim status as %Status
    Try {
        If $Data(%response) Set %response.ContentType="application/json"
        If $Data(%response) Set %response.CharSet="UTF-8"
        Set rtn=##class(src.Rest.Interface).getStringParams(input)
        ;write rtn,!
    } Catch (e) {
        Set status=e.AsStatus()
        Do ..ErrorHandler(status)
    }    
    Quit $$$OK
}

ClassMethod postMutipleParams() As %Status
{
    #Dim e as %Exception.AbstractException
    #Dim status as %Status
    Do %response.SetHeader("Access-Control-Allow-Origin","*")
    Try {
        Set postObj=##class(%DynamicObject).%FromJSON(%request.Content)
        If $Data(%response) Set %response.ContentType="application/json"
        If $Data(%response) Set %response.CharSet="UTF-8"
        Set rtn=##class(src.Rest.Interface).postMutipleParams(.postObj,
    } Catch (e) {
        Set status=e.AsStatus()
        Do ..ErrorHandler(status)
    }    
    Quit $$$OK
}

And  my web page using React  to sequencially call the two methods 。Strangely, I used GET to return successfully, and POST failed.

The POST codes as below:

 

I wonder why this happens and how may I handle the POST call correctly? Thanks in advance.

  • 0
  • 0
  • 77
  • 8
  • 3

Answers

To troubleshoot this enable Logging of Audit events.

And events Protect and LoginFailure.

Then reproduce the problem and check if something is logged into Audit log.

I tried, but the Username was incorrect. My authorization is _system:sys

Do you see any Protect entries in Audit when browser sends OPTIONS request ?

Please see this comment in Configuring a REST Service to Use CORS

A Caché REST service supports the OPTIONS request (the CORS preflight request), which is used to determine whether a REST service supports CORS. This request is executed by the CSPSystem user. This user should have READ permission on any databases used by the REST service; if not, the service will respond with an HTTP 404 error. 

Start by changing

Class src.Rest.Map Extends (%RegisteredObject, %XML.Adaptor, %CSP.REST) 

To

Class src.Rest.Map Extends %CSP.REST

Parameters are inherited only from the primary superclass. Also %CSP.REST is registered anyway. Not sure why you want %XML.Adaptor here.

No,  my firewall  disabled .   And I have no problem using GET.

Hello,

 

I've had a similar problem. 

I think you should add these headers in your implementing method;

    %response.SetHeader("Access-Control-Allow-Origin","*")
    %response.SetHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, OPTIONS")
    %response.SetHeader("Access-Control-Allow-Headers","authorization,application,Content-Type, X-Requested-With, Accept")
    %response.SetHeader("Encoding","UTF-8")

Depending on your situation you could/should narrow down what you're allowing. 

Hope this helps...

 

Regards,

Rueben

 

Comments

What happens if you add Cors="true" in your URL-Map?

It should setup everything correctly for CORS-Requests.