Jump to content

Recommended Posts

Hello!

I am starting to integrate an application that is on the web but the connection to the service is refused. I read something about the CORS mode ...

Is correct?

FEngine.Parameters.Values['CORS.Enabled']:= True;

FEngine.Parameters.Values['CORS.Enabled']:= 'True';

Thank you!

Share this post


Link to post

Hi, @Rafael Mattos

The first version is the correct one (it's a Boolean value), if you want to set that parameter via code.

Consider you can easily set CORS options in the default ini file associated with your server application.

Simply add a line under the corresponding engine's section:

 

[DefaultEngine]

CORS.Enabled=true

 

You can set these additional options (here listed with their default values), if you need it:

 

CORS.Origin=*
CORS.Methods=HEAD,GET,PUT,POST,DELETE,OPTIONS
CORS.Headers=X-Requested-With,Content-Type,Authorization

 

Sincerely,

Andrea

Share this post


Link to post

Thanks for the reply @Andrea Magni,

 

Maybe this question has nothing to do with the framework, but as it has more experienced professionals here. I ask the question: What is missing?

 

I changed the .ini file as you mentioned, but I still get this error in the browser (Access to fetch at 'http://999.999.999.999:99/rest/propu/agent/Orders' from origin 'http://abcd.com' has been blocked by CORS policy: Response to preflight request does not pass access control check: It does not have HTTP ok status.).

 

I make the same request in postman and I get the answer correctly and in the header I receive

(Connection → close
Content-Type → application / json
Content-Length
Date Mon, 15 Apr 2019 11:40:30 GMT
Access-Control-Allow-Origin → *
Access-Control-Allow-Methods → HEAD, GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Headers → X-Requested-With, Content-Type, Authorization)


I thank you for your help.

Share this post


Link to post

You are probably missing to actually reply to preflight requests (request made with OPTIONS verb).

Look here: https://github.com/andrea-magni/MARS/blob/master/Demos/MARSTemplate/Server.Ignition.pas

A commented example for FEngine.BeforeHandleRequest is provided and there is a (furtherly) commented section to address preflight requests:

        // Handle CORS and PreFlight
        if SameText(ARequest.Method, 'OPTIONS') then
        begin
          Handled := True;
          Result := False;
        end;

 

This is a very minimalistic implementation (basically responding 200 OK to every preflight request) but it's needed for CORS to properly work.

 

HTH,

 

Andrea

 

Share this post


Link to post

@Andrea Magni

 

Thank you very much!

 

I solved the problem with your answer.

 

Moments before I see your answer, I discovered that the browser sends an OPTIONS before every request to know if the server accepts.
I in my ignorance had created an OPTIONS method on the server, returning an empty array and with CORS in the header, with the same url for each method (GET, PUT, ...) and had "solved" the problem.

 

I hope this post helps the beginners, as it helped this beginner.

 

Thank you!

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×