Issue with Cross Origin request, update

Robert Ernens-3
We have continued our investigations and worked around the problem by
implementing the A4D_PostExecutionHook to populate the response header
with the required headers to allow the cross origin request to our JSON
API.

We now have no more rejection of the POST requests when the OPTIONS method
is issued by the AngularJS front end and we see the POST request properly
executed.

Nevertheless, we then run into another problem:

Despite a valid sid value being properly populated either as a query
string param or a form variable during the POST request, A4D does not seem
to find the session and give access to it in the executable.

It works fine if we issue a GET request but not if we issue a POST
request.
If we test the session id value it is empty.
If we access a session variable, a new session id is created that does not
match the current session despite this not having expired or having been
purged.

It seems again related to the fact that an OPTIONS request followed by a
POST request is made by the AngularJS front end.

What's wrong here?

Thanks
--
Robert Ernens
HCTBA Consulting
Look2BookOnline - Web-à-la-Carte
4 Rés. Les Bois du Cerf
91450 Etiolles
Tél.: +33.950.58.95.80
GSM : +33.611.78.44.68





On 08/11/2014 21:00, "[hidden email]"
<[hidden email]> wrote:

>Message: 1
>Date: Sat, 08 Nov 2014 19:56:28 +0100
>From: Robert Ernens <[hidden email]>
>To: "[hidden email]"
> <[hidden email]>
>Subject: [Active4d-dev] Issues with Cross Origin requests
>Message-ID: <D08425EC.3B386%[hidden email]>
>Content-Type: text/plain; charset="ISO-8859-1"
>
>We are currently handling a development that involves an AngularJS web
>application issuing CORS requests to our 4D Active4D server (4D v12, Active
>4D 6.0 still).
>
>We have set up an entry in the CORS.ini file to allow CORS requests to only
>Active4D executables located in a given directory
>
>http://glctracker.golf-loisir-club.com/gps/
>origin = *
>methods = GET, POST, PUT, DELETE
>
>We can't get it to work and were forced to include in our executables a
>
>set response header("Access-Control-Allow-Origin"; "*") in order to get
>the
>GET request to be accepted.
>
>But POST or PUT requests won't work as AngularJS Ajax requests use an
>OPTIONS request first and the request does not seem handled properly by
>ACTIVE4D
>
>Below is what the Chrome developer console returns
>
>XMLHttpRequest cannot load
>http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d. No
>'Access-Control-Allow-Origin' header is present on the requested resource.
>Origin 'http://localhost:9000' is therefore not allowed access
>
>Below the content of the request header and response
>
>Request URL: http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d
>Request Method: OPTIONS
>Status Code: 200 OK
>
>Request Headers
>>Accept: */*
>>Accept-Encoding: gzip,deflate,sdch
>>Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
>>Access-Control-Request-Headers: accept, content-type
>>Access-Control-Request-Method: POST
>>Cache-Control: no-cache
>>Connection: keep-alive
>>Host: glctracker.golf-loisir-club.com
>>Origin: http://localhost:9000
>>Pragma: no-cache
>>Referer: http://localhost:9000/
>>User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
>
>Response Headers
>>HTTP/1.1 200 OK
>>Server: 4D_v12/12.4.0
>>Date: Sat, 08 Nov 2014 18:17:11 GMT
>>Content-Length: 0
>>Content-Type: text/html; charset=utf-8
>
>What do we do that is wrong with CORS and ACTIVE 4D?
>
>Thanks for your help


_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
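
The preflight exchange captured in the message above, replayed through a simplified model of the browser's check. This is an added example, not part of the original post or of Active4D: `checkPreflight` is a hypothetical helper, `fixedResponse` is constructed, and every name listed in `Access-Control-Request-Headers` is assumed to need explicit permission.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
const parseList = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);
const lowerKeys = (h) =>
  Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v]));
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];

function checkPreflight(request, response, withCredentials = false) {
  const req = lowerKeys(request.headers);
  const res = lowerKeys(response.headers);
  const problems = [];
  if (response.status < 200 || response.status > 299) problems.push("preflight status is not 2xx");
  const allowOrigin = res["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("no Access-Control-Allow-Origin header");
  } else if (allowOrigin === "*") {
    if (withCredentials) problems.push("wildcard origin rejected for credentialed request");
  } else if (allowOrigin !== req["origin"]) {
    problems.push(`Access-Control-Allow-Origin ${allowOrigin} does not match Origin`);
  }
  if (withCredentials && res["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  const wildcardOk = !withCredentials; // "*" only counts without credentials
  const methods = parseList(res["access-control-allow-methods"]);
  const method = req["access-control-request-method"];
  if (!methods.includes(method) && !SAFELISTED_METHODS.includes(method) &&
      !(wildcardOk && methods.includes("*"))) {
    problems.push(`method ${method} not allowed`);
  }
  const allowed = parseList(res["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const name of parseList(req["access-control-request-headers"])) {
    if (!allowed.includes(name.toLowerCase()) && !(wildcardOk && allowed.includes("*"))) {
      problems.push(`request header ${name} not allowed`);
    }
  }
  return { allowed: problems.length === 0, problems };
}

// Preflight exchange as captured in the post above.
const capturedRequest = { headers: { "Origin": "http://localhost:9000",
  "Access-Control-Request-Method": "POST",
  "Access-Control-Request-Headers": "accept, content-type" } };
const capturedResponse = { status: 200, headers: { "Server": "4D_v12/12.4.0",
  "Content-Length": "0", "Content-Type": "text/html; charset=utf-8" } };
// Constructed: the captured response plus the headers the preflight needs.
const fixedResponse = { status: 200, headers: { ...capturedResponse.headers,
  "Access-Control-Allow-Origin": "http://localhost:9000",
  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
  "Access-Control-Allow-Headers": "accept, content-type" } };
```

Run against the captured response, the check reports the missing `Access-Control-Allow-Origin` header and the two unapproved request headers. POST itself passes the method check because it is a CORS-safelisted method.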

Re: Issue with Cross Origin request, update

aparajita
Administrator
> We have continued our investigations and worked around the problem by
> implementing the A4D_PostExecutionHook to populate the response header
> with the required headers to allow the cross origin request to our JSON
> API.

Theoretically those headers could be added within Active4D code.


> Despite a valid sid value being properly populated either as a query
> string param or a form variable during the POST request, A4D does not seem
> to find the session and give access to it in the executable.
>
> It works fine if we issue a GET request but not if we issue a POST
> request.

It could be because there is a bug in 'hide session field', if that is what you are using to put the session id in the form. Use this:

<input type="hidden" name="<%= session local%>" value="<%= session id %>" />

Regards,

  Aparajita


Re: Issue with Cross Origin request, update

aparajita
Administrator
> It could be because there is a bug in 'hide session field', if that is what you are using to put the session id in the form. Use this:
>
> <input type="hidden" name="<%= session local%>" value="<%= session id %>" />

Actually, don't use the slash at the end if you are using html (as opposed to xhtml). I'll have the 'hide session field' bug fixed soon.

Regards,

  Aparajita
