CORS 11.7 - Forum - OpenEdge Development - Progress Community
 Forum

CORS 11.7

This question is not answered

Hi all,

First of all, i've the 11.7 version of the PDSOE, so i'm using the PAS for OpenEdge Server...

I'm developing an Angular application and trying to connect it to a REST service published on Progress Application Server, I receive response doing the call with postman, but when i do the call from the brower, it sends me the next message:

Failed to load http://<server>:<port>/<app>/rest/<appService>/<Service>: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://<angular_app>:<port>' is therefore not allowed access.

I understand that i've to modificate the oablSecurity.properties, so, the question is:

Which parameters need to be activated/updated?

Kind Regards

All Replies
  • First of all, make sure that you add the credentials from Angular:

    stackoverflow.com/.../angular-2-http-withcredentials

    second, read the site: https://enable-cors.org/ to understand why you get a preflight request.

    last: search for the conf/oeablSecurity.properties file and the CORS section:

    OECORSFilter.allowAll=true

    OECORSFilter.responseHeaders=Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,X-CLIENT-CONTEXT-ID

    OECORSFilter.allowDomains=

    OECORSFilter.allowSubdomains=false

    OECORSFilter.allowMethods=GET,POST,PUT,DELETE,OPTIONS,PATCH

    OECORSFilter.messageHeaders=Accept,Accept-Language,Content-Language,Content-Type,X-CLIENT-CONTEXT-ID,Origin,Access-Control-Request-Headers,Access-Control-Request-Method,Pragma,Cache-control,Authorization,hoppa

    OECORSFilter.supportCredentials=true

    OECORSFilter.maxAge=-1

    Make sure that for the time being OECORSFilter.allowAll=true

  • I agree with bronco.  Get familiar with the links provided in bronco's post for background on how things work with CORS.

    The response message you are receiving is actually telling you exactly what header the browser is looking for in the OPTIONS  call and not seeing.  Add 'Access-Control-Allow-Origin' to the OECORSFilter.messageHeaders entry in oeablSecurity.properties, and restart the web app.  After doing that you may see the response message change to another header the browser is expecting (say 'X-Requested-With'), and need to also add that.

  • Hi bronco,

    I read the posts and modified my oeablSecurity but it stills not working....

    I deactivated the cors in the browser and it works :/, analizing the responses that I got, I realized that in PASOE v11.7 the response header is incomplete...

    Response Header 11.7

    HTTP/1.1 200

    Content-Length: 0

    Date: Tue, 24 Jul 2018 20:46:17 GMT

    while in the version 11.6 it is complete

    HTTP/1.1 200 OK

    Server: Apache-Coyote/1.1

    Access-Control-Allow-Origin: <http_origin>

    Access-Control-Allow-Credentials: true

    Access-Control-Allow-Methods: PUT, GET, OPTIONS, DELETE, PATCH, POST

    Access-Control-Allow-Headers: Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma

    Content-Length: 0

    Date: Tue, 24 Jul 2018 20:46:33 GMT

    My oeablSecurity.properties in the conf/ directory of my PASOE instance is configured like this

    OECORSFilter.allowAll=true

    OECORSFilter.responseHeaders=Access-Control-Allow-Origin,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,X-CLIENT-CONTEXT-ID

    OECORSFilter.allowDomains=

    OECORSFilter.allowSubdomains=false

    OECORSFilter.allowMethods=GET,POST,PUT,DELETE,OPTIONS,PATCH

    OECORSFilter.messageHeaders=Accept,Accept-Language,Content-Language,Content-Type,X-CLIENT-CONTEXT-ID,Origin,Access-Control-Request-Headers,Access-Control-Request-Method,Pragma,Cache-control,Authorization

    OECORSFilter.supportCredentials=true

    OECORSFilter.maxAge=-1

    Do you have an idea of what I'm doing wrong?

    Thanks for your help,

  • Have you tried adding the header the browser is complaining about to your messageHeaders entry and restarting the web app?


    Brian Laferte
    401-499-6666

    'Ambition leads me not only farther than any man has been before me, but as far as I think it possible for man to go.' -- James Cooke