External JSDO service and cross-domain origin - Forum - Rollbase - Progress Community

External JSDO service and cross-domain origin

 Forum

External JSDO service and cross-domain origin

This question is not answered

Hi all.

We are experimenting with the Rollbase cloud version but do have the JSDO service on our own server. Because of the cross-domain service calls Firefox and IE11 do block the xhr request. Chrome does only warn...

I did find this article (http://docs.mobile.rollbase.com/documentation/cross-domain-service-calls/) describing the problem. But I couldn't figure out how to configure or use the Rollbase proxy which is to my understanding the solution for this problem.


Help is appreciated.

Regards

Oliver

All Replies
  • Hi Oliver,

    I had encountered a similar issue in Rollbase before. The module I was working on is trying to receive a JSON response from Rollbase but it got blocked due to cross-domain restrictions. Though, I wasn't able to make it work in the public cloud because the headers were not allowed to be modified back then.

    Can you provide some more information related to your issue? I might be able to help more if you provide me the following information:
    1. Is your application hosted in a private or a public cloud?
    2. Are you sending the request from a mobile device?
    3. Are you sending the request URL with HTTP or HTTPS?

    To progress this issue a bit faster, would you kindly send me a console log from your browser. I will sending you an email to which you can reply so that this confidential information remains secure.


    Regards,
    Godfrey
  • Hi Godfrey.

    Thank you for your help.

    1. The application is hosted in the public cloud. I think it's not possible to use the Mobile App Builder in the private cloud.

    2. No, I'm testing it in the web browser on my PC.

    3. I already tried to switch from http to https but that only changed the error message... :-)

    Firefox is logging "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource " when trying to access the JSDO (pdsession.login(settings.serviceURI, "", "");).

    Regards

    Oliver

  • Okay, I recognized that it is possible to use the Rollbase proxy for REST and Database service but not for JSDO service. Is there a reason for this?

    Meanwhile I tried to get this CORS "feature" working but I can't . The tomcat integrated in the OpenEdge package seems to be CORS enabled because I can see the needed headers in the response. But it also doesn't work in IE11 and Firefox. Debugging is not possible because I can't use Wireshark because the connection needs SSL encryption otherwise it is blocked because of mixed content. And the browsers don't show the headers of the blocked requests.

    Regards

    Oliver

  • Hello,

    For CORS to work, the server needs to return Access-Control-Allow-Origin header that web browser can use to validate the access.

    I have not tried this out, however, Tomcat includes supports or CORS:

       enable-cors.org/server_tomcat.html

    The CorsFilter class in Tomcat allows you to specify a url pattern so that the CORS response header are returned.

    Have you tried this?

    If you are not able to configure CORS for the REST API, you could connect Technical Support so that they can log a request to add the support for the CORS headers to the REST API.

    I hope this helps.

  • Hi and thanks for your answer.

    Here is a request with its response. For me this looks good. But it's only working in Chrome and not in IE11 and Firefox... (For the example I didn't use the SSL version. So I get the mixed content warning)

    Request:

    Request URL:http://myip/RollbaseAdapter/static/home.html

    Request Method:OPTIONS

    Status Code:200 OK

    Request Headersview source

    Accept:*/*

    Accept-Encoding:gzip,deflate,sdch

    Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

    Access-Control-Request-Headers:pragma, cache-control

    Access-Control-Request-Method:GET

    Cache-Control:max-age=0

    Connection:keep-alive

    Host:myip

    Origin:https://mobile.rollbase.com

    User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

    Response:

    Access-Control-Allow-Credentials:true

    Access-Control-Allow-Headers:Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma

    Access-Control-Allow-Methods:OPTIONS, GET, POST, PUT, DELETE

    Access-Control-Allow-Origin:https://mobile.rollbase.com

    Content-Length:0

    Date:Mon, 30 Jun 2014 08:05:09 GMT

    Server:Apache-Coyote/1.1

    Regards

    Oliver