Ok, one step forward. If I add
servletResponse.addHeader("Access-Control-Allow-Headers", "Content-Type");
It starts working and the gadget renders. Cool. But then the first
makeRequest from a gadget seems to be having difficulty.
doug
On 3/26/12 3:59 PM, "daviesd" <[email protected]> wrote:
> Started looking at this. I'm a little unclear what I'm suppose to do if
> JsonRpcServlet receives an OPTIONS request. Right now I was just trying the
> following (after allowing OPTIONS to pass-thru) right after the setCORSheader:
>
> if ("OPTIONS".equals(method)) {
>
> servletResponse.addHeader("Access-Control-Allow-Origin", "*");
> servletResponse.addHeader("Access-Control-Max-Age", "3600");
> servletResponse.addHeader("Access-Control-Allow-Methods", "POST, GET,
> OPTIONS");
> return;
> }
>
> The pre-flight request now succeeds but I don't see any further requests from
> the javascript. Probably my misunderstanding of CORS and XHR. Any
> suggestions on how to best implement this? Or perhaps I'm not gonna get off
> easy with just a few lines of code. :)
>
> doug
>
>
> On 3/22/12 5:19 PM, "daviesd" <[email protected]> wrote:
>
>> Again... Thanks Stanton for the quick response. Ok, I'll probably spend a
>> few
>> days with this next week and see what I can do. I know nothing about CORS,
>> but I'll start reading up on it.
>>
>> doug
>>
>>
>> On 3/22/12 5:13 PM, "Stanton Sievers" <[email protected]> wrote:
>>
>>> Hi Doug,
>>>
>>> That matches my findings as well. I've not heard of anyone running the
>>> container page and shindig server on different domains without having to
>>> use a proxy on the container page's domain.
>>>
>>>
>>> I'm sure it can be done it just doesn't appear to work with Shindig out
>>> of the box. I think more would have to be done to implement CORS for the
>>> JsonRpcServlet.
>>>
>>> Regards,
>>> -Stanton
>>>
>>>
>>>
>>> From: daviesd <[email protected]>
>>> To: <[email protected]>,
>>> Date: 03/22/2012 17:08
>>> Subject: Re: Shindig running on different domain than container
>>> REVISITED
>>>
>>>
>>>
>>> Hi Stanton,
>>>
>>> So is your earlier statement about things working just fine running the
>>> container page and shindig on different domains still true? We are
>>> running
>>> a proxy just like you are (actually in production it's a load balancer
>>> rule). I'd like to know if anyone has this working out of the box without
>>> a
>>> proxy and just the API_HOST and API_PATH config. Hopefully someone can
>>> respond.
>>>
>>> Mike started digging into this today and I'll continue next week (I'm in
>>> class this week), but I think his initial finding is that JsonRpcServlet
>>> is
>>> rejecting anything that isn't POST or GET (thus rejecting OPTIONS).
>>>
>>> Thanks for the help.
>>>
>>> doug
>>>
>>>
>>> On 3/22/12 11:30 AM, "Stanton Sievers" <[email protected]> wrote:
>>>
>>>> Hi Mike,
>>>>
>>>> I'm not sure even setting the headers would work (although I haven't
>>> tried
>>>> this in a while). My recollection is that part of CORS is that an
>>> OPTIONS
>>>> request is sent to Shindig's rpc endpoint as part of the "pre-flight"
>>>> step. The rpc servlet doesn't support OPTIONS and will return a 405.
>>> This
>>>> is something we could and probably should look at fixing in Shindig but
>>> no
>>>> one has taken the time to do so so far as I know. Again, it's been a
>>>> while since I've investigated this so things may have changed.
>>>>
>>>> The alternative, and what I've personally done, is have a proxy on the
>>>> container page's domain that can proxy the /rpc calls to Shindig. That
>>>> works just fine. You simply setup your API_HOST and API_PATH to utilize
>>>> the proxy url.
>>>>
>>>> Hope that helps.
>>>>
>>>> -Stanton
>>>>
>>>>
>>>>
>>>> From: Michael Matthews <[email protected]>
>>>> To: <[email protected]>, Stanton Sievers/Westford/IBM@Lotus,
>>>> Cc: Douglas Davies <[email protected]>
>>>> Date: 03/22/2012 11:17
>>>> Subject: Re: Shindig running on different domain than container
>>>> REVISITED
>>>>
>>>>
>>>>
>>>> First of all, thanks for the quick response to this.
>>>>
>>>> I've modified our UI to pass the API_HOST and API_PATH as mentioned
>>> below.
>>>> I
>>>> know see an HTTP OPTIONS request failing. From the browser's console:
>>>>
>>>> XMLHttpRequest cannot load
>>>>
>>> http://worldkat.dev.oclc.org/opensocial/rpc?st=oclc%3AilCK3wGsfqUWqIct7oHK19
>>>
>>>>
>>>>
>>> RHViz9iHzb9ON-FGx5SeW_dk80zHiMOislNdLbszrLT-d6tjzTJw97nDIx92xDoCfQ3LW-JuWc8w
>>>>
>>> k4HZrHckNYnMG9P1wiZtInHqq9-VqET8W-fusiWAAaazBul0ARi0RI2K6cJINxRZ7-7yhExX_Gny
>>>>
>>> IW4PumEVYs9f6-6iRR6WsUEoKGATW13PtUM3NmDNZOhFI2E19l4yTlLibK2r68IN7LY_Lx6QJ6kl
>>>>
>>> PN7a_cIe5IYBRFV-SAvcexnCfnnlp5gjbs9unXeGSDIedJesYi8daX0b4-DmUVFUMexi7e3txdCY
>>>>
>>> inHExk7XYfbAgjc8Qpi8YEngUiTJzI2E5A02_Eb9B8kf5KEeaR4yKehI3DTKY6JTMCO6dQupqzu7
>>>>
>>> oHDS2n7H3SgCIjpfzBycsrhiioiNJfOInQ0hd3FJ3g9U4geJzz_5mPli-vXB3xL6WaDL5wtXHYYT
>>>> GGVW0i_tKZKGTsjpFwLmD9gmytlt47pMEPW8zTWg. Origin http://localhost:8080
>>>> <http://localhost/> is not allowed by Access-Control-Allow-Origin.
>>>>
>>>> The OPTIONS request has the following headers set:
>>>>
>>>> Access-Control-Request-Method: POST
>>>> Origin: http://localhost:8080
>>>> Access-Control-Request-Headers: Origin, Content-Type
>>>>
>>>> I found the post
>>>> http://www.mail-archive.com/[email protected]/msg03230.html which
>>>> suggests additional configuration is required to set this in the PHP
>>>> version
>>>> of Shindig.
>>>>
>>>>
>>>> In the java version of shindig, is there additional configuration
>>> required
>>>> to set a Access-Control-Allow-Origin header on the response to allow the
>>>> cross-site request?
>>>>
>>>> Thanks
>>>> Mike
>>>>
>>>>
>>>> On 3/22/12 7:23 AM, "Stanton Sievers" <[email protected]> wrote:
>>>>
>>>>> From what I understand rpc_relay setup is only needed if you are using
>>>> the
>>>>> ifpc transport for rpc. You can force this by setting
>>> useLegacyProtocol
>>>>> in your container config but why you would want to do that I do not
>>>> know.
>>>>> With modern browsers (html5) Shindig makes use of window.postMessage
>>>>> (wpm) to do rpc and you don't have to worry about the relay setup. In
>>>>> general the fallback for non-html 5 browsers is using a flash technique
>>>> if
>>>>> possible. If you're interested in the way the rpc transport is chosen,
>>>>> you can check out rpc.js#getTransport() for more info.
>>>>>
>>>>> -Stanton
>>>>>
>>>>>
>>>>>
>>>>> From: "Davies,Douglas" <[email protected]>
>>>>> To: <[email protected]>,
>>>>> Date: 03/21/2012 20:28
>>>>> Subject: Re: Shindig running on different domain than container
>>>>> REVISITED
>>>>>
>>>>>
>>>>>
>>>>> Thanks Stanton. So no rpc_relay setup etc.? Seems last time I did this
>>>> I
>>>>> ran into that.
>>>>>
>>>>> Doug
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Mar 21, 2012, at 3:43 PM, "Stanton Sievers" <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Doug,
>>>>>>
>>>>>> Yes, things work just fine running the container page and shindig on
>>>>>> different domains. You can set the
>>>>> osapi.container.ServiceConfig.API_HOST
>>>>>> and osapi.container.ServiceConfig.API_PATH when creating your
>>>>>> osapi.container.Container object to get the right pointers in place.
>>>>>>
>>>>>> Best regards,
>>>>>> -Stanton
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: daviesd <[email protected]>
>>>>>> To: shindig <[email protected]>,
>>>>>> Date: 03/21/2012 13:04
>>>>>> Subject: Shindig running on different domain than container
>>>>>> REVISITED
>>>>>>
>>>>>>
>>>>>>
>>>>>> About a year ago there was a discussion about shindig running on a
>>>>>> different
>>>>>> domain than the container.
>>>>>>
>>>>>> http://permalink.gmane.org/gmane.comp.web.shindig.devel/6824
>>>>>>
>>>>>> Up till this point we have been running our shindig servers and our
>>>>>> container webapps on the same domain. We¹d like to move away from
>>>> this.
>>>>>
>>>>>> Is
>>>>>> this possible with shindig 2.5.0? Have there been changes since this
>>>>>> discussion? If so, is there documentation on what configuration needs
>>>>> to
>>>>>> happen to get this to work?
>>>>>>
>>>>>> Thanks,
>>>>>> Doug
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
