0

I am making the following request: 

function doPoolPartyGetChildrenAjaxRequest(parent) {

return $.ajax({

    url: "http://127.0.0.1:8086/PoolParty/api/thesaurus/1DCE2E49-7DD8-0001-524C-1A1B14A0141A/childconcepts",

    data: {language: "en", parent: parent, properties: "skos:narrower"},

    username: 'xxxx',
    password: 'xxxx',

    dataType: 'json',

    crossDomain: true,


    beforeSend: function (req) {
        req.setRequestHeader('Authorization', 'Basic ' + btoa('superadmin:poolparty'));
    },

    xhrFields: {
        withCredentials: true
    },

    error: function (jqXHR, textStatus, errorThrown) {
        console.log(textStatus);
    },

    success: function (data) {

        for (var i = 0; i < data.length; i++) {
            data[i].title = data[i].prefLabel

            if (!(data[i].narrowers === undefined)) {
                data[i].lazy = true
            }
        }

        data.sort(function(a, b) {

            if (a.prefLabel.toLowerCase() == b.prefLabel.toLowerCase())
                return 0;
            if (a.prefLabel.toLowerCase() > b.prefLabel.toLowerCase())
                return 1;
            else
                return -1

        });

    }
})

What do i need to do to have it working, here is the error that i am getting:

OPTIONS http://127.0.0.1:8086/PoolParty/api/thesaurus/1DCE2E49-7DD8-0001-524C-1A1B…Fthesaurus.iadb.org%2Fpublicthesauri%2FIdBTopics&properties=skos%3Anarrower 401 (Unauthorized) m.ajaxTransport.send
m.extend.ajax doPoolPartyGetChildrenAjaxRequest setPoolPartyTreeBroswer
(anonymous function)
m.Callbacks.j m.Callbacks.k.fireWith
m.extend.ready
J XMLHttpRequest cannot load http://127.0.0.1:8086/PoolParty/api/thesaurus/1DCE2E49-7DD8-0001-524C-1A1B14A0141A/childconcepts?language=en&parent=http%3A%2F%2Fthesaurus.iadb.org%2Fpublicthesauri%2FIdBTopics&properties=skos%3Anarrower. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 401. error

I don't understand the error well. How can i see if my code is sending the right headers to the server ? How can i see what the server respond.

My Tomcat 7 config is as follows:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

I don't know what else i have to do. Please can anyone guide me on this.

How can i check things out, what is send receive. Is there anything particular with jquery 1.10.2.

Is there something wrong with the corsfilter of Tomcat 7 ?

I had working in the past with tomcat6. Since then i change to tomcat 7, and it simply does not work.

Cœur
  • 37,241
  • 25
  • 195
  • 267
MaatDeamon
  • 9,532
  • 9
  • 60
  • 127
  • You may need to use jsonp or CORS if the request is going out to a domain other than the one hosting the web page. http://stackoverflow.com/questions/2067472/what-is-jsonp-all-about – Allen Tellez Jul 22 '15 at 22:51
  • But isn't it what i do already with the Cors configuration i show above ? I have just allowed the Cors Filter. The one coming by default on Tomcat 7 – MaatDeamon Jul 22 '15 at 23:17

2 Answers2

0

Are you running Chrome with CORS disabled? Try running from the command line:

google-chrome --disable-web-security

For more information on how to disable web security, check here

Community
  • 1
  • 1
ronnyb
  • 78
  • 1
  • 7
  • Well this is not for development purpose. It is a configuration that will run in production. An application in one machine runing against a service on another machine – MaatDeamon Jul 22 '15 at 23:22
0

You need to set the Access-Control-Allow-Origin response header also to get CORS work

Try 

 headers.add("Access-Control-Allow-Origin", "*");

I have done this earlier like this in Spring MVC.

package org.springframework.web.servlet.support;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        response.addHeader("Access-Control-Allow-Origin", "*");        
        if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())); {
            // CORS "pre-flight" request
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.addHeader("Access-Control-Allow-Headers", "Authorization");        
            response.addHeader("Access-Control-Max-Age", "1728000");
        }
        filterChain.doFilter(request, response);
    }

}

// example web.xml configuration

/*
  <filter>
    <filter-name>cors</filter-name>
    <filter-class>org.springframework.web.servlet.support.CorsFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>cors</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
*/

I also did what is mentioned here

package com.zhentao;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;
public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
            // CORS "pre-flight" request
            response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.addHeader("Access-Control-Allow-Headers", "Content-Type");
            response.addHeader("Access-Control-Max-Age", "1800");//30 min
        }
        filterChain.doFilter(request, response);
    }
}

The web.xml needs adding the following too:

  <filter>
    <filter-name>cors</filter-name>
    <filter-class>com.zhentao.CorsFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>cors</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
kiranvj
  • 32,342
  • 7
  • 71
  • 76
  • Sorry i am a bit lost. Are we still talking of the original Tomcat support. Shall i get rid of it ? where this line headers.add("Access-Control-Allow-Origin", "*"); is added exactly, javascript??? – MaatDeamon Jul 22 '15 at 23:15
  • All response headers has to be set from server in your Java code – kiranvj Jul 22 '15 at 23:17
  • The Tomcat Server is running an application i have few control about. It is a vendor application. Although they told me i should follow the Tomcat official instruction to set up the Cors filtering if i want to. Beside i am no spring guy at all. – MaatDeamon Jul 22 '15 at 23:19
  • But do you have experience with the official tomcat CORS filtering ? – MaatDeamon Jul 22 '15 at 23:20
  • No, I havent used that. Maybe someone else can help u here – kiranvj Jul 22 '15 at 23:36
  • I want to try your filter, because using the native seems to be a dead end. I'm not familiar with spring however. One thing that i know is that, the application also use Spring Security. Do you think that might have some impact ? – MaatDeamon Jul 23 '15 at 17:43
  • Where should this line be added exactly: headers.add("Access-Control-Allow-Origin", "*"); I'm not sure to understand. Somewhere else than in the filter ? – MaatDeamon Jul 23 '15 at 17:48
  • I saw the following. http://stackoverflow.com/questions/22886186/how-to-setup-access-control-allow-origin-filter-problematically-in-spring-securi – MaatDeamon Jul 23 '15 at 18:06
  • I can not modify the application itself because it is a vendor. However i can change config files and myabe add a different cors filter – MaatDeamon Jul 23 '15 at 18:06
  • If you cannot modify the application files, I doubt if you can set the response headers – kiranvj Jul 23 '15 at 22:55
  • Yeah, got to them to add it – MaatDeamon Jul 25 '15 at 02:06