Issue with CORS requests

Issue with CORS requests

Robert Ernens-3
>>
>>We have continued our investigations and worked around the problem by
>>implementing the A4D_PostExecutionHook to populate the response header
>>with the required headers to allow the cross origin request to our JSON
>>API.

>Theoretically those headers could be added within Active4D code.

That should be the case with your CORS implementation, except that the a4d
executable is not invoked when an OPTIONS method request is issued. That is
the reason why we had to implement a modified version of the post execution
hook that looks for the request info to populate the response headers.


>>Despite a valid sid value being properly populated either as a query
>>string parm or a form variable during the post request, A4D does not seem
>>to find the session and give access to it in the executable.
>>It works fine if we issue a get request but not if we issue a post
>>request.

>It could be because there is a bug in 'hide session field', if that is
>what you are using to put the session id in the form. Use this:

><input type="hidden" name="<%= session local%>" value="<%= session id %>" />

The problem does not come from there. Any POST request sent by angularjs
backend through AJAX to an A4D enabled 4D server is divided in two
requests: an OPTIONS request to verify the CORS credentials (origin,
content-type, ...), which does not invoke the A4D executable execution, and
then, if the first request is not rejected because of a CORS credential
mismatch, a POST request that seems not to be handled properly by
Active4D: the session is not associated to the request even if sid is
passed as a query param.

Session id returns an empty string and a dump of the form variables returns
_data_ and not individual variables.

A subsequent get request with the same sid works just fine, confirming
that the session is still active.

Hope this helps,


--
Robert Ernens
HCTBA Consulting
Look2BookOnline - Web-à-la-Carte
4 Rés. Les Bois du Cerf
91450 Etiolles
Tél.: +33.950.58.95.80
GSM : +33.611.78.44.68




_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
Re: Issue with CORS requests

aparajita
Administrator
> Session id returns an empty string and a dump of the form variables return
> _data_ and not individual variables.

This is from the POST? Looks like angular is using a weird Content-Type. What are the POST headers?

Regards,

  Aparajita


Issue with CORS requests

Robert Ernens-3
In reply to this post by Robert Ernens-3

>There's something wrong here. The payload is not JSON at all, even though
>that's what the Content-Type is set to.
>
>Also, angularjs must not be setting the Origin header in the OPTIONS
>request, otherwise Active4D would recognize it as a CORS request.

This is the OPTIONS request but with the response headers being populated
by the post execution hook


Remote Address: 37.187.129.224:80
Request URL: http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d
Request Method: OPTIONS
Status Code: 200 OK

Request Headers:

    OPTIONS /gps/caddyMasterAdd.a4d HTTP/1.1
    Host: glctracker.golf-loisir-club.com
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Access-Control-Request-Method: POST
    Origin: http://localhost:9000
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36
    Access-Control-Request-Headers: accept, content-type
    Accept: */*
    Referer: http://localhost:9000/
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4

Response Headers:

    Access-Control-Allow-Headers: content-type
    Access-Control-Allow-Methods: GET,POST,PUT,DELETE
    Access-Control-Allow-Origin: *
    Access-Control-Max-Age: 10
    Content-Length: 0
    Content-Type: text/html; charset=utf-8
    Date: Wed, 12 Nov 2014 20:56:02 GMT
    Server: 4D_v12/12.4.0


Also, the POST request that I sent you was the wrong one, this was a test
with a query string containing the sid and a payload formatted as a
standard form request just to see if it was making any difference.


Below is the POST request as normally issued by angularjs


Remote Address: 37.187.129.224:80
Request URL: http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d
Request Method: POST
Status Code: 200 OK

Request Headers:

    POST /gps/caddyMasterAdd.a4d HTTP/1.1
    Host: glctracker.golf-loisir-club.com
    Connection: keep-alive
    Content-Length: 45
    Pragma: no-cache
    Cache-Control: no-cache
    Accept: application/json, text/plain, */*
    Origin: http://localhost:9000
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36
    Content-Type: application/json;charset=UTF-8
    Referer: http://localhost:9000/
    Accept-Encoding: gzip,deflate
    Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4

Request Payload: {sid:B1DC5C5B54A98ABE, n:test, i:1}

    i: "1"
    n: "test"
    sid: "B1DC5C5B54A98ABE"

Response Headers:

    Access-Control-Allow-Headers: content-type
    Access-Control-Allow-Methods: GET,POST,PUT,DELETE
    Access-Control-Allow-Origin: *
    Access-Control-Max-Age: 10
    Cache-Control: no-cache
    Content-Length: 1410
    Content-Type: text/html; charset=utf-8
    Date: Wed, 12 Nov 2014 20:56:02 GMT
    Expires: Wed, 12 Nov 2014 20:56:02 GMT
    Pragma: no-cache
    Server: 4D_v12/12.4.0

The a4d executable has been reduced just to the minimum to dump the
session collection and the form variables. This is the result of the above
request:

There is no current session.

Unnamed collection
Key Value
_data_ 45 bytes

















Re: Issue with CORS requests

aparajita
Administrator
> Content-Type: application/json;charset=UTF-8
> Request Payload: {sid:B1DC5C5B54A98ABE, n:test, i:1}

Looks like I'll have to add parsing of JSON for the session id when the Content-Type is application/json. I should probably populate the _form collection with the parsed JSON as well.

Regards,

  Aparajita
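
Added example (not part of the original thread and not Active4D code): one way a server could do what the last message proposes, choosing the body parser from the Content-Type so that the sid in a JSON payload reaches the session lookup. The function names, the query-before-body precedence and the 16-hex-digit sid format are assumptions; the sample body is constructed from the payload shown in the thread.

```javascript
// Added example, not Active4D source. All function names are hypothetical.

// Constructed body: the payload shown above as strict JSON (45 bytes,
// matching Content-Length: 45). The exact bytes are an assumption.
const SAMPLE_BODY = '{"sid":"B1DC5C5B54A98ABE","n":"test","i":"1"}';

// Assumption: session ids look like the one in the thread (16 hex digits).
const SID_FORMAT = /^[0-9A-F]{16}$/;

// "application/json;charset=UTF-8" -> "application/json"
function mediaType(contentType) {
  return String(contentType || '').split(';')[0].trim().toLowerCase();
}

// Build a flat form collection from the body, chosen by Content-Type.
function parseForm(contentType, body) {
  const form = Object.create(null); // no prototype: "__proto__" is just a key
  const type = mediaType(contentType);
  if (type === 'application/x-www-form-urlencoded') {
    for (const [key, value] of new URLSearchParams(body)) form[key] = value;
    return form;
  }
  if (type === 'application/json') {
    let parsed = null;
    try { parsed = JSON.parse(body); } catch (err) { /* malformed: fall through */ }
    if (parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed)) {
      for (const [key, value] of Object.entries(parsed)) {
        // Only scalar members become form variables; nested values are skipped.
        if (['string', 'number', 'boolean'].includes(typeof value)) form[key] = String(value);
      }
      return form;
    }
  }
  form._data_ = body; // unknown or unparsable body: raw data only, as in the dump
  return form;
}

// Query string wins over the body (an assumed precedence); '' means no session.
function findSessionId(url, contentType, body) {
  const query = new URL(url, 'http://placeholder.invalid').searchParams;
  const candidate = query.get('sid') ?? parseForm(contentType, body).sid;
  return typeof candidate === 'string' && SID_FORMAT.test(candidate) ? candidate : '';
}
```

Because the sid now comes from a client-controlled JSON document, the format check runs before any session lookup, and non-scalar values never reach it.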
