Re: [Dev] Cross origin REST call fails with 403 Forbidden Error
Hi Miyuru/Thamali,
I have managed to make the cross origin calls work through curl. In the
previous curl call the necessary headers were not sent. Following is the
correct curl cross origin call.
*OPTIONS request (Preflight)*
curl -H "Origin: http://example.com"; *-H "Access-Control-Request-Method:
GET"* * -H "Access-Control-Request-Headers: X-Requested-With" * -X
OPTIONS --verbose https://localhost:9443/api/configs/algorithms
*Sample cross origin POST request*
curl -H "Origin: http://example.com"; -H "Content-Type: application/json"
-H "Authorization: Basic YWRtaW46YWRtaW4=" -X POST --verbose
https://localhost:9443/api/models/1/publish -k
The above two calls are responding with the necessary cross origin headers.
Please note that Swagger editor still sends a 403. This could be due to the
self signed certificate or some other issue.
On Wed, Nov 25, 2015 at 10:10 AM, Fazlan Nazeem wrote:
> Hi Thilini,
>
> I have tried mapping localhost to a different domain and the issue still
> remains. Furthermore the options call using curl as following also gives a
> 403.
>
> curl -X options -H "Origin: test.com" -H "Content-Type:
>> application/json" -H "Authorization: Basic YWRtaW46YWRtaW4=" -v
>> https://localhost:9443/api/datasets -k
>
>
> but the following returns the correct headers.
>
> curl -X options -H "Content-Type: application/json" -H "Authorization:
>> Basic YWRtaW46YWRtaW4=" -v https://localhost:9443/api/datasets -k
>
>
>
> On Wed, Nov 25, 2015 at 9:06 AM, Thilini Cooray wrote:
>
>> Hi,
>>
>> [1] has mentions that Chrome does not support localhost to go through
>> the Access-Control-Allow-Origin, therefore we need to map localhost to a
>> different domain. Further details regarding this issue in chrome is
>> discussed in [2].
>>
>> Can this be any help for you?
>>
>> [1]
>> http://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err
>> [2] https://code.google.com/p/chromium/issues/detail?id=67743
>>
>> Thanks.
>>
>> On Tue, Nov 24, 2015 at 9:59 PM, Fazlan Nazeem wrote:
>>
>>> Hi,
>>>
>>> I need cross origin support for a REST API. In order to achieve it I am
>>> trying to set the following headers in the response.
>>>
"Access-Control-Allow-Origin", "*"
"Access-Control-Allow-Headers","*"
"Access-Control-Allow-Methods","GET, POST, DELETE"
>>>
>>>
>>>
>>> My current implementation is as follows.
>>>
>>> in web.xml
>>>
CorsFilter
org.apache.catalina.filters.CorsFilter
>>>
>>>
CorsFilter
/*
>>>
>>>
>>>
>>>
>>> the Rest implementation
>>>
>>> @Path("/datasets")public class DatasetApiV10 extends MLRestAPI {
>>>
>>> @OPTIONS
>>> public Response options() {
>>> return Response.ok().header("Access-Control-Allow-Origin",
>>> "*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET,
>>> POST, DELETE").build();
>>> }
>>>
>>> Cross origin headers are *not set *in the response header when a cross
>>> origin call is made, but those headers are *set* when I do a local
>>> OPTIONS call for the API using cURL or a REST client.
>>>
>>> Following is the error message I am getting in chrome console.
>>>
>>> XMLHttpRequest cannot load https://localhost:9443/api/datasets.
>>> Response to preflight request doesn't pass access control check: No
>>> 'Access-Control-Allow-Origin' header is present on the requested resource.
>>> Origin 'http://localhost:8080' is therefore not allowed access. The
>>> response had HTTP status code 403
>>>
>>>
>>> Any suggestion to solve this issue?
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> Fazlan Nazeem
>>>
>>> *Software Engineer*
>>>
>>> *WSO2 Inc*
>>> Mobile : +94772338839
>>> <%2B94%20%280%29%20773%20451194>
>>> fazl...@wso2.com
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Best Regards,
>>
>> *Thilini Cooray*
>> Software Engineer
>> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
>> E-mail : thili...@wso2.com
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>
>
>
> --
> Thanks & Regards,
>
> Fazlan Nazeem
>
> *Software Engineer*
>
> *WSO2 Inc*
> Mobile : +94772338839
> <%2B94%20%280%29%20773%20451194>
> fazl...@wso2.com
>
--
Thanks & Regards,
Fazlan Nazeem
*Software Engineer*
*WSO2 Inc*
Mobile : +94772338839
<%2B94%20%280%29%20773%20451194>
fazl...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Cross origin REST call fails with 403 Forbidden Error
Hi Thilini,
I have tried mapping localhost to a different domain and the issue still
remains. Furthermore the options call using curl as following also gives a
403.
curl -X options -H "Origin: test.com" -H "Content-Type: application/json"
> -H "Authorization: Basic YWRtaW46YWRtaW4=" -v
> https://localhost:9443/api/datasets -k
but the following returns the correct headers.
curl -X options -H "Content-Type: application/json" -H "Authorization:
> Basic YWRtaW46YWRtaW4=" -v https://localhost:9443/api/datasets -k
On Wed, Nov 25, 2015 at 9:06 AM, Thilini Cooray wrote:
> Hi,
>
> [1] has mentions that Chrome does not support localhost to go through the
> Access-Control-Allow-Origin, therefore we need to map localhost to a
> different domain. Further details regarding this issue in chrome is
> discussed in [2].
>
> Can this be any help for you?
>
> [1]
> http://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err
> [2] https://code.google.com/p/chromium/issues/detail?id=67743
>
> Thanks.
>
> On Tue, Nov 24, 2015 at 9:59 PM, Fazlan Nazeem wrote:
>
>> Hi,
>>
>> I need cross origin support for a REST API. In order to achieve it I am
>> trying to set the following headers in the response.
>>
>>> "Access-Control-Allow-Origin", "*"
>>> "Access-Control-Allow-Headers","*"
>>> "Access-Control-Allow-Methods","GET, POST, DELETE"
>>
>>
>>
>> My current implementation is as follows.
>>
>> in web.xml
>>
>>>
>>> CorsFilter
>>> org.apache.catalina.filters.CorsFilter
>>>
>>>
>>
>>
>>>
>>> CorsFilter
>>> /*
>>
>>
>>
>>>
>>>
>>
>> the Rest implementation
>>
>> @Path("/datasets")public class DatasetApiV10 extends MLRestAPI {
>>
>> @OPTIONS
>> public Response options() {
>> return Response.ok().header("Access-Control-Allow-Origin",
>> "*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET,
>> POST, DELETE").build();
>> }
>>
>> Cross origin headers are *not set *in the response header when a cross
>> origin call is made, but those headers are *set* when I do a local
>> OPTIONS call for the API using cURL or a REST client.
>>
>> Following is the error message I am getting in chrome console.
>>
>> XMLHttpRequest cannot load https://localhost:9443/api/datasets. Response
>> to preflight request doesn't pass access control check: No
>> 'Access-Control-Allow-Origin' header is present on the requested resource.
>> Origin 'http://localhost:8080' is therefore not allowed access. The
>> response had HTTP status code 403
>>
>>
>> Any suggestion to solve this issue?
>>
>>
>> --
>> Thanks & Regards,
>>
>> Fazlan Nazeem
>>
>> *Software Engineer*
>>
>> *WSO2 Inc*
>> Mobile : +94772338839
>> <%2B94%20%280%29%20773%20451194>
>> fazl...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Best Regards,
>
> *Thilini Cooray*
> Software Engineer
> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
> E-mail : thili...@wso2.com
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>
--
Thanks & Regards,
Fazlan Nazeem
*Software Engineer*
*WSO2 Inc*
Mobile : +94772338839
<%2B94%20%280%29%20773%20451194>
fazl...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Cross origin REST call fails with 403 Forbidden Error
Hi,
[1] has mentions that Chrome does not support localhost to go through the
Access-Control-Allow-Origin, therefore we need to map localhost to a
different domain. Further details regarding this issue in chrome is
discussed in [2].
Can this be any help for you?
[1]
http://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err
[2] https://code.google.com/p/chromium/issues/detail?id=67743
Thanks.
On Tue, Nov 24, 2015 at 9:59 PM, Fazlan Nazeem wrote:
> Hi,
>
> I need cross origin support for a REST API. In order to achieve it I am
> trying to set the following headers in the response.
>
>> "Access-Control-Allow-Origin", "*"
>> "Access-Control-Allow-Headers","*"
>> "Access-Control-Allow-Methods","GET, POST, DELETE"
>
>
>
> My current implementation is as follows.
>
> in web.xml
>
>>
>> CorsFilter
>> org.apache.catalina.filters.CorsFilter
>>
>>
>
>
>>
>> CorsFilter
>> /*
>
>
>
>>
>>
>
> the Rest implementation
>
> @Path("/datasets")public class DatasetApiV10 extends MLRestAPI {
>
> @OPTIONS
> public Response options() {
> return Response.ok().header("Access-Control-Allow-Origin",
> "*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET,
> POST, DELETE").build();
> }
>
> Cross origin headers are *not set *in the response header when a cross
> origin call is made, but those headers are *set* when I do a local
> OPTIONS call for the API using cURL or a REST client.
>
> Following is the error message I am getting in chrome console.
>
> XMLHttpRequest cannot load https://localhost:9443/api/datasets. Response
> to preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost:8080' is therefore not allowed access. The
> response had HTTP status code 403
>
>
> Any suggestion to solve this issue?
>
>
> --
> Thanks & Regards,
>
> Fazlan Nazeem
>
> *Software Engineer*
>
> *WSO2 Inc*
> Mobile : +94772338839
> <%2B94%20%280%29%20773%20451194>
> fazl...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Best Regards,
*Thilini Cooray*
Software Engineer
Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
E-mail : thili...@wso2.com
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Cross origin REST call fails with 403 Forbidden Error
Hi,
I need cross origin support for a REST API. In order to achieve it I am
trying to set the following headers in the response.
> "Access-Control-Allow-Origin", "*"
> "Access-Control-Allow-Headers","*"
> "Access-Control-Allow-Methods","GET, POST, DELETE"
My current implementation is as follows.
in web.xml
>
> CorsFilter
> org.apache.catalina.filters.CorsFilter
>
>
>
> CorsFilter
> /*
>
>
the Rest implementation
@Path("/datasets")public class DatasetApiV10 extends MLRestAPI {
@OPTIONS
public Response options() {
return Response.ok().header("Access-Control-Allow-Origin",
"*").header("Access-Control-Allow-Headers","*").header("Access-Control-Allow-Methods","GET,
POST, DELETE").build();
}
Cross origin headers are *not set *in the response header when a cross
origin call is made, but those headers are *set* when I do a local OPTIONS
call for the API using cURL or a REST client.
Following is the error message I am getting in chrome console.
XMLHttpRequest cannot load https://localhost:9443/api/datasets. Response to
preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access. The
response had HTTP status code 403
Any suggestion to solve this issue?
--
Thanks & Regards,
Fazlan Nazeem
*Software Engineer*
*WSO2 Inc*
Mobile : +94772338839
<%2B94%20%280%29%20773%20451194>
fazl...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
