
Cross-Domain/Cross-Origin calls support in Orchestration engine's REST API


BhagatSingh
Hi Yan,

I am getting the following error when I am calling the Orchestration engine's REST API from an outside domain:
"XMLHttpRequest cannot load http://devpmapp1:8181/console/rest/v1/fabric-dev. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://144.77.108.39:8282' is therefore not allowed access."

After googling I came to know that if we have the following headers in the response's header list then this problem will go away:

response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");

Can you please help me out with this issue if you think it can be fixed in Glu Console?

Reference links:
http://www.w3.org/TR/cors/
https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
http://stackoverflow.com/questions/20035101/no-access-control-allow-origin-header-is-present-on-the-requested-resource-w
https://github.com/angular/angular.js/issues/5009

Note: This works fine for me when I use a Java-based REST client or soapUI. The issue is coming only when I am accessing the Orchestration engine's REST API directly from the browser or JavaScript.

Thanks!
Bhagat

Re: Cross-Domain/Cross-Origin calls support in Orchestration engine's REST API

BhagatSingh
I deployed a new war file in the same Jetty server where the glu console is deployed and it is working.

Thanks!
Bhagat

Re: Cross-Domain/Cross-Origin calls support in Orchestration engine's REST API

frenchyan
Administrator
Glad it is working this way. I can see why it could be a problem. If that is an issue I could add a plugin or something to allow you to customize the headers. I would not simply add those headers to all requests as this could be opening a security hole in general.

Yan

Re: Cross-Domain/Cross-Origin calls support in Orchestration engine's REST API

BhagatSingh
Yes, sure, it makes 100% sense to me. It will be useful when someone wants to call the Orchestration engine's REST API from outside.

Before this I was thinking of writing a response filter to add those headers. But deploying the war file in the same server is an effortless solution and I will go for it.

Thanks!
Bhagat
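
Added example, not part of the thread and not glu code: a servlet response filter of the kind mentioned in the last post, written so that it echoes back only origins on an exact-match allowlist instead of sending `Access-Control-Allow-Origin: *` on every response, which is the concern raised in Yan's reply. The class name, the `allowedOrigins` init parameter and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter (not glu code). Assumes the javax.servlet API and a
// comma-separated init-param "allowedOrigins", e.g. "http://144.77.108.39:8282".
public class CorsAllowlistFilter implements Filter {
    private final Set<String> allowedOrigins = new HashSet<String>();

    public void init(FilterConfig config) {
        String param = config.getInitParameter("allowedOrigins");
        if (param != null) {
            for (String o : param.split(",")) {
                if (!o.trim().isEmpty()) allowedOrigins.add(o.trim());
            }
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");

        // The response now differs per Origin, so caches must key on it.
        response.addHeader("Vary", "Origin");

        // Exact string match only: no "*", no prefix or suffix matching.
        if (origin != null && allowedOrigins.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Methods",
                    "POST, GET, OPTIONS, PUT, DELETE, HEAD");
            response.setHeader("Access-Control-Allow-Headers",
                    "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
            // Answer the preflight here; it never reaches the REST API.
            if ("OPTIONS".equals(request.getMethod())
                    && request.getHeader("Access-Control-Request-Method") != null) {
                response.setStatus(HttpServletResponse.SC_OK);
                return;
            }
        }
        // Unlisted origins get no CORS headers, so the browser blocks the read.
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The filter only controls what a browser will let a page read; non-browser clients such as the Java REST client or soapUI mentioned in the first post are unaffected either way, so the API's own authentication still has to do the access control.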