How to setup Access-Control-Allow-Origin to allow cross domain ajax requests on Orion Context Broker ver.0.15.0
My JS script
function capture_sensor_data(){
var contentTypeRequest = $.ajax({
url: 'http://x.x.x.x:1026/ngsi10/queryContext',
data: {
"entities": [
{
"type": "Room",
"isPattern": "false",
"id": "Room1"
}
]
},
type: 'POST',
dataType: 'json',
contentType: 'application/json',
headers: { 'X-Auth-Token' :'you_auth_token'}
});
contentTypeRequest.done(function(data){
console.log(data);
});
contentTypeRequest.fail(function(jqXHR, textStatus){
console.log( "DEBUG : Ajax request failed... (" + textStatus + ' - ' + jqXHR.responseText + ")." );
});
contentTypeRequest.always(function(jqXHR, textStatus){ });
};
Response
XMLHttpRequest cannot load http://x.x.x.x:1026/ngsi10/queryContext. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://x.x.x.x' is therefore not allowed access. The response had HTTP status code 405.
Current Orion version (0.18.1) doesn't include Access-Control-Allow-Origin header in responses, although probably it will do that in a future version as it has been identified as a potential feature.
At the present moment, one possible solution is to use a proxy (placed between Orion and your client) to add that header in the responses from Orion before passing them to your client.
Related
I am trying to call foreman API from other different domain. But always getting cors origin error. Using ajax and angular but both send the same error.
Actual error:
Access to XMLHttpRequest at
‘https://192.168.x.xxx/api/v2/config_reports/1914’ from origin
‘http://localhost:4200’ has been blocked by CORS policy: Response to
preflight request doesn’t pass access control check: No
‘Access-Control-Allow-Origin’ header is present on the requested
resource.
Angular code:
public getReport(){
const httpOptions = {
headers: new HttpHeaders({
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET,POST,OPTIONS,DELETE,PUT',
'Authorization': 'Basic ' + btoa('admin:Test123#')
})
};
return this.httpClient.get<object[]>('https://192.168.8.137/api/v2/config_reports/1914', httpOptions);
}
Finally, I found solution. So I have to set cors with foreman-installer.
foreman-installer --foreman-cors-domains http://localhost:4200 /* Your domain name*/
I'm trying to pass an access token as a header to a GET request into API Gateway, but every time it's returning: "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
NOTE: I've setup the API Gateway resource with a proxy integration.
exports.handler = async (event) => {
const { access_token } = event.headers
const response = {
statusCode: 200,
headers: getHeaders(),
body: JSON.stringify({
data: access_token,
})
}
return response
}
const getHeaders = () => {
return {
'Access-Control-Allow-Origin': '*',
"Access-Control-Allow-Credentials" : true,
'Access-Control-Allow-Methods': '*',
'Access-Control-Allow-Headers': '*',
'Content-Type': 'application/json'
}
}
I've tried just about every combo returning different headers.
When I try running this request with the access_token as a query parameter it works just fine, it returns as expected, but not when passing as a header.
Something also worth noting, when I pass the access_token as a header through postman it'll return as expected, but when I call it from my UI application on localhost with axios is where it doesn't work.
Any help here would be appreciated.
By adding the following to my template.yml, after deploying SAM adds the OPTIONS method to each of my resource method within API Gateway. I needed to specify my specific header as well in the config, otherwise I would still get the same issue.
Globals:
Api:
Cors:
AllowMethods: "'GET,POST,OPTIONS'"
AllowHeaders: "'access_token,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'"
AllowOrigin: "'*'"
AllowCredentials: "'*'"
For Api Gateway CORS, we need to add an additional OPTIONS method pointing to MOCK integration and with header mappings in integration response with
Access-Control-Allow-Headers should contain all headers
Access-Control-Allow-Methods should contain all methods
Access-Control-Allow-Origin should contain the host or '*'
Example:
Access-Control-Allow-Headers: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent' (should contain all head
Access-Control-Allow-Methods: 'GET,OPTIONS'
Access-Control-Allow-Origin : '*'
Method Response:
Integration Response:
I am trying to obtain the Access Token by passing authcode by calling rest api but my response was blocked saying mime type mismatch. PFB sample code
$.ajax({
async: true, // Async by default is set to “true” load the script asynchronously
dataType: 'jsonp',
crossDomain: true,
redirect_uri: 'https://hclo365.sharepoint.com/sites/wf13test',
data: 'grant_type=authorization_code&code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0%2EAQkAAAABAAYABwCAGYGDcLfWSAgAgKUHy3C31kgCAONnoYIaQgFOsTImy5_ryv0VAAEAAAAYAAEAAAAdAAAADQAkAAAAMzRkYTY1NDktMTdjMC00MTM3LWE3YWEtYWJkYWMzNjQ0YWMzNwCWbGY1cO_JQKSrZRKWhxjbMACAZ4tNZ7fWSA%2Eaz__M8ULm--8DgmUspzcA1wa7soxB0jQgnKhIwKhRT4jDsmsmIa755xPK7sD1vKmeMM4LDISN1XignVCii1IecpEWO6PWR8gq6UToJG6DnKcPurKWXEwZblsyxf2kOXR1RtDQoev5_VxkqLKTT9rHCFB01eZzTir8SVMs5BPOWdCCufMok-lVyJoq5VRL2YoPB3iOhz8MZAVlElx0srIJJWUuHiXRImmU13__3qtRf82Kxattt_6cN8IcW9rjZDYB0dfcqIKon_Q27Fp8KYU4LEpYHVunKEli60dzWliTFX34KRGJYVpYqK-Zd6OyHuqculMPE6mctVlQbcG1DD3gQ',
url: "https://account-d.docusign.com/oauth/token", // URL to fetch data from sharepoint list
method: "POST", //Specifies the operation to fetch the list item
headers: {
Authorization : "Basic MzRkYTY1NDktMTdjMC00MTM3LWE3YWEtYWJkYWMzNjQ0YWMzOjgzNmQxNmZiLWU1MDctNDM2Ny04Y2ZlLTFiODkzOGU2MTE5Yw==",
"Access-Control-Allow-Origin": '*',
"Access-Control-Allow-Headers": 'application/json',
"accept": "application/json;odata=verbose", //It defines the Data format
"content-type": "application/x-www-form-urlencoded" //It defines the content type as JSON
},
success: function(data) {
console.log('works');
},
error: function(error) {
console.log(JSON.stringify(error));
}
})
Looking for the possible solution for this to capture the access token.
I do not think you can call DS API from AJAX calls, you will be getting CORS issue. DS Dev Blog1, DS Dev Blog2 and DS Dev Blog3 explain how you can achieve Single Page Applications with DocuSign.
I am trying to get data from smartsheet API. When I use postman and nodejs in separate server code, it works.
But if I use the API inside the Ionic with HttpClient (#angular/http) it gives CORS issue with run in browser.
Failed to load https://api.smartsheet.com/2.0/sheets/1235941564208899972: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.
And also I have tried with a proxy setup like below:
"proxies": [{
"path": "/2.0",
"proxyUrl": "https://api.smartsheet.com/"
}]
home.ts:
let headers = new Headers({ 'Access-Control-Allow-Origin': '*', 'Authorization': 'Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxx' });
let options = new RequestOptions({ headers: headers });
this.HttpClient.get('/2.0/sheets/1235941564208899972', options).pipe(
map(res => res.json())
).subscribe(data => this.response = data);
I am still getting localhost 404 error only.
If Ionic is using CORS to talk to the Smartsheet API, that will not work. The Smartsheet API does not currently support CORS.
I am getting the error "message": "Referrer header not found while calling the http request from the node.js server.
The requirement is like, first I need to hit a box which accepts only the ajax requests and then route to the actual service.
Snapshot of the code
var options = {
url: 'http://' + fullpath,
qs : params,
headers : {
Cookie : "COOKIE=" + my_cookie,
Origin: 'http://my_url',
"X-Requested-With": 'XMLHttpRequest'
},
encoding : null,
};
request.get(options, function (err, response, body) {
}
Any thoughts on the above error ?
Thnx
You're not passing a Referer header to request.get and apparently the server at http://[fullpath] expects it (perhaps as a sort of misguided form of security).
Try adding one:
headers : {
Cookie : "COOKIE=" + my_cookie,
Origin: 'http://my_url',
"X-Requested-With": 'XMLHttpRequest',
Referer : 'http://' + fullpath
},