We are experimenting with the Rollbase cloud version but do have the JSDO service on our own server. Because of the cross-domain service calls Firefox and IE11 do block the xhr request. Chrome does only warn...
I did find this article (http://docs.mobile.rollbase.com/documentation/cross-domain-service-calls/) describing the problem. But I couldn't figure out how to configure or use the Rollbase proxy which is to my understanding the solution for this problem.
Help is appreciated.
Thank you for your help.
1. The application is hosted in the public cloud. I think it's not possible to use the Mobile App Builder in the private cloud.
2. No, I'm testing it in the web browser on my PC.
3. I already tried to switch from http to https but that only changed the error message... :-)
Firefox is logging "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource " when trying to access the JSDO (pdsession.login(settings.serviceURI, "", "");).
Okay, I recognized that it is possible to use the Rollbase proxy for REST and Database service but not for JSDO service. Is there a reason for this?
Meanwhile I tried to get this CORS "feature" working but I can't . The tomcat integrated in the OpenEdge package seems to be CORS enabled because I can see the needed headers in the response. But it also doesn't work in IE11 and Firefox. Debugging is not possible because I can't use Wireshark because the connection needs SSL encryption otherwise it is blocked because of mixed content. And the browsers don't show the headers of the blocked requests.
For CORS to work, the server needs to return Access-Control-Allow-Origin header that web browser can use to validate the access.
I have not tried this out, however, Tomcat includes supports or CORS:
The CorsFilter class in Tomcat allows you to specify a url pattern so that the CORS response header are returned.
Have you tried this?
If you are not able to configure CORS for the REST API, you could connect Technical Support so that they can log a request to add the support for the CORS headers to the REST API.
I hope this helps.
Hi and thanks for your answer.
Here is a request with its response. For me this looks good. But it's only working in Chrome and not in IE11 and Firefox... (For the example I didn't use the SSL version. So I get the mixed content warning)
Status Code:200 OK
Request Headersview source
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Access-Control-Allow-Headers:Access-Control-Request-Headers, Accept-Language, Content-Language, Authorization, Origin, Access-Control-Request-Method, Content-Type, Accept, X-Client-Context-Id, Cache-Control, Pragma
Access-Control-Allow-Methods:OPTIONS, GET, POST, PUT, DELETE
Date:Mon, 30 Jun 2014 08:05:09 GMT