Rafael Mattos 3 Posted April 12, 2019 Hello! I am starting to integrate an application that is on the web but the connection to the service is refused. I read something about the CORS mode ... Is correct? FEngine.Parameters.Values['CORS.Enabled']:= True; FEngine.Parameters.Values['CORS.Enabled']:= 'True'; Thank you! Share this post Link to post
Andrea Magni 75 Posted April 13, 2019 Hi, @Rafael Mattos The first version is the correct one (it's a Boolean value), if you want to set that parameter via code. Consider you can easily set CORS options in the default ini file associated with your server application. Simply add a line under the corresponding engine's section: [DefaultEngine] CORS.Enabled=true You can set these additional options (here listed with their default values), if you need it: CORS.Origin=* CORS.Methods=HEAD,GET,PUT,POST,DELETE,OPTIONS CORS.Headers=X-Requested-With,Content-Type,Authorization Sincerely, Andrea Share this post Link to post
Rafael Mattos 3 Posted April 15, 2019 Thanks for the reply @Andrea Magni, Maybe this question has nothing to do with the framework, but as it has more experienced professionals here. I ask the question: What is missing? I changed the .ini file as you mentioned, but I still get this error in the browser (Access to fetch at 'http://999.999.999.999:99/rest/propu/agent/Orders' from origin 'http://abcd.com' has been blocked by CORS policy: Response to preflight request does not pass access control check: It does not have HTTP ok status.). I make the same request in postman and I get the answer correctly and in the header I receive (Connection → close Content-Type → application / json Content-Length Date Mon, 15 Apr 2019 11:40:30 GMT Access-Control-Allow-Origin → * Access-Control-Allow-Methods → HEAD, GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Headers → X-Requested-With, Content-Type, Authorization) I thank you for your help. Share this post Link to post
Andrea Magni 75 Posted April 15, 2019 You are probably missing to actually reply to preflight requests (request made with OPTIONS verb). Look here: https://github.com/andrea-magni/MARS/blob/master/Demos/MARSTemplate/Server.Ignition.pas A commented example for FEngine.BeforeHandleRequest is provided and there is a (furtherly) commented section to address preflight requests: // Handle CORS and PreFlight if SameText(ARequest.Method, 'OPTIONS') then begin Handled := True; Result := False; end; This is a very minimalistic implementation (basically responding 200 OK to every preflight request) but it's needed for CORS to properly work. HTH, Andrea Share this post Link to post
Rafael Mattos 3 Posted April 16, 2019 @Andrea Magni, Thank you very much! I solved the problem with your answer. Moments before I see your answer, I discovered that the browser sends an OPTIONS before every request to know if the server accepts. I in my ignorance had created an OPTIONS method on the server, returning an empty array and with CORS in the header, with the same url for each method (GET, PUT, ...) and had "solved" the problem. I hope this post helps the beginners, as it helped this beginner. Thank you! 1 Share this post Link to post
Jean Vandromme 0 Posted May 15, 2019 Hi, It seems I have the same problem you had but can't solve it. How did you pratically get it solved ? CORS is activated but I keep getting an internal server error in angular but not in Postman I get my json array in chrome also without any issues, so ... Thanks a lot Jean Share this post Link to post
Rafael Mattos 3 Posted May 17, 2019 Hi Jean, Sorry for the delay in reply, but I resolved Andrea's response. Look here: https://github.com/andrea-magni/MARS/blob/master/Demos/MARSTemplate/Server.Ignition.pas // Handle CORS and PreFlight if SameText(ARequest.Method, 'OPTIONS') then begin Handled := True; Result := False; end; I saw that you solved a problem in another post, is it the same? Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
