| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| CORS error on HTTPConnector migrating from IE8 to IE10 |
« View previous topic :: View next topic » |
| Author |
Message
|
| stoked |
 Posted: Fri Oct 17, 2014 9:05 am Post subject: CORS error on HTTPConnector migrating from IE8 to IE10 |
 |
|
Newbie
Joined: 17 Oct 2014
Posts: 4
|
I am calling an HTTPInput message flow deployed on a WMB Linux server from an HTML/Javascript page on a website running on a different server. For arguments sake, let's just say the different server is localhost on Windows. Essentially, it is a cross-site scripting problem. It works fine in IE8. We are migrating to IE10 and it is not working.
When I run the Javascript in IE10, I get the following error in the browser:
| Quote: |
| SEC7120: Origin **** not found in Access-Control-Allow-Origin header. |
When I trace the network call from the browser it shows that it made an HTTP OPTIONS call to the WMB server, initiated by a CORS request that required a "preflight". According to the CORS documentation, a preflight is required whenever a cross-origin call is made with an HTTP header present. The purpose of the preflight OPTIONS call is to prompt the WMB server to return an Access-Control-Allow-Origin header. However, the WMB server does not return the header, just an HTTP status code 200. Thereafter, the browser aborts the request because it did not receive the header. I have tracing turned on in the WMB message flow and I can see that the message flow is never invoked. Presuming that WMB did return the header and the header value specified * or the originating host name, the browser would permit the request and send the actual request to WMB.
The Javascript is using XmlHttpRequest (XHR) to call the WMB server. I am passing an authorization header, which is required in the message flow.
| Code: |
// Send request to URL via XHR and set up callback handler
function sendRequest(url, parms) {
if (url !== "") {
if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
xhr=new XMLHttpRequest();
}
else { // code for IE6, IE5
xhr=new ActiveXObject("Microsoft.XMLHTTP");
}
xhr.open("GET", url+parms, true); // Open the request. true for asynchronous operation
xhr.onreadystatechange = function() {processResponse(); } ;
xhr.responseType = "document"; // Set the type of response expected. (document => XML)
xhr.setRequestHeader("Content-Type", "text/xml;charset=UTF-8");
// Set authorization header.
var b64 = Base64.encode(serviceId.trim()+":"+servicePw.trim());
xhr.setRequestHeader("Authorization", "Basic "+b64);
xhr.send();
}
}
|
My question is can I configure the WMB server for CORS? I looked at the HTTPConnector documentation but I cannot see anything that suggests headers can be customized. Would it be possible if I installed the HTTP proxy server? I will try that and see if it works. But in the meantime, has anyone encountered this problem before and is there a solution?
I should add that for the testing I performed so far, it was using the broker-level HTTPConnector not the execution group.
Last edited by stoked on Fri Oct 17, 2014 9:08 am; edited 1 time in total |
|
| Back to top |
|
 |
| stoked |
| Posted: Fri Oct 17, 2014 9:06 am Post subject: |
|
|
Newbie
Joined: 17 Oct 2014
Posts: 4
|
|
| Back to top |
|
|
| stoked |
| Posted: Mon Oct 20, 2014 10:34 am Post subject: |
|
|
Newbie
Joined: 17 Oct 2014
Posts: 4
|
I installed Proxy Servlet on WAS and got it working. I found documentation for ProxyServlet here: ftp://public.dhe.ibm.com/software/integration/support/supportpacs/individual/ie01.pdf
In terms of customizing Proxy Servlet to handle the HTML OPTIONS request for a CORS preflight, I think it is not the purpose of Proxy Servlet. In fact, the handling of the OPTIONS request should be handled by the WAS servlet container that hosts Proxy Servlet. I will now look at the WAS servlet container to see if I can customize the response to an HTML OPTIONS request. If I am successful, I will still need to use Proxy Servlet because WMB does not expose any way to perform this kind of customization on its HttpConnector.
I'm wondering if the Hursley folks have ever thought of how WMB HttpConnector works with CORS? Maybe I should submit a PMR on this. I hesitate to call it a defect at this point. |
|
| Back to top |
|
|
| stoked |
| Posted: Mon Oct 20, 2014 2:58 pm Post subject: |
|
|
Newbie
Joined: 17 Oct 2014
Posts: 4
|
I was on the right track. I eventually found the final puzzle piece here: http://stackoverflow.com/questions/24277953/how-to-define-cors-in-websphere-application-server-liberty-profile-v8-5
Using the guidance provided in the Stack Overflow page, I modified the IBM-supplied proxyservlet.war file to add the filter and filter mapping to the web.xml and the two jar files to the lib folder. I redeployed proxyservlet.war to WAS. Next I tested my HTTP call to WMB HttpInput node. The HTML was loaded from ServerA running IE10 and the Javascript called the WMB message flow by going through port 9080 on the WAS server. I traced the network calls on ServerA and saw the CORS preflight request, i.e. the OPTIONS call followed by the real request to WMB using XHR, i.e. the GET.
Problem solved. I hope this is of help to the community. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
