0

There have been lot of discussions about CORS and 'Access-Control-Allow-Origin' error, I have tried and read(doing it for 2 days now) lots of potential solutions but my concern is where to place the solution code. How and in which file do I need to make changes for header to give Access to all cross server calls. I am using Ember CLI, Tomcat Apache(which is getting data from database), running on Chrome, and using ember-data. May be a noob question but I really am not able to get out of it, really need help. Thanks in Advance.

UPDATE: I am running Apache Tomcat 7 via eclipse and using simple JAVA OracleJDBC request/response to get data.

sidharth
  • 3
  • 6
  • I am not sure how much will it help in your case as you are using apache but you can check this(http://aameer.github.io/articles/cross-origin-resource-sharing-cors/) post which I wrote sometime back for cors. Hope it helps – Aameer Sep 14 '15 at 10:14
  • @sidharth, you can set ENV.contentSecurityPolicyHeader = 'Disabled-Content-Security-Policy' in your config/environment.js file to disable the error. – phkavitha Sep 14 '15 at 12:55
  • @Aameer thanks, what i understand from this is that we need to set CORS header for client side as well as server side. Am I correct ? – sidharth Sep 15 '15 at 03:58
  • @phkavitha the method you suggested didnot remove the ''Access-Control-Allow-Origin' error. – sidharth Sep 15 '15 at 05:01
  • @sidharth yup you need it on both sides – Aameer Sep 15 '15 at 06:20

1 Answers1

0

Basically this error is not of the Ember-Cli. This is what your server (tomcat in your case) is responding, when your Ember application is communicating to your server. I don't know what version are you using of TomCat. But I will illustrate to you how to fix this problem in TomCat 7.

Open your web.xml file. It will be located in {apache-tomcat-directory}/conf/. You can add the filter to alter the CORS behavior anywhere in the file after the web-app root of XML file. But I will suggest you to do that after the portion of Built in Filter Mappings.

The filter will look like this:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

After adding this you will be able to bypass this error. But this is only recommended if you are doing it for development purposes. Please read here for complete understanding of TomCat's CORS filter.

FreshDev
  • 328
  • 1
  • 3
  • 18
  • I am using Tom Cat 7, and running it via eclipse. Your solution it doesn't seem to be bypassing the issue,since am still getting the same error, although it changes the url Method to 'GET' from 'OPTION' that it was previously showing. Any idea why ? – sidharth Sep 15 '15 at 06:55
  • when i made these changes i observed a new thing which was not happening priorly. when i hit the server directly via browser for database it does not display rather is gives error:--------.>>" >HTTP Status 405 - HTTP method GET is not supported by this URL type Status report message HTTP method GET is not supported by this URL description The specified HTTP method is not allowed for the requested resource." – sidharth Sep 15 '15 at 10:21
  • Try to add these also under the ``: `cors.allowed.methodsGET,POST,HEAD,OPTIONS,PUT` – FreshDev Sep 15 '15 at 10:36
  • however, this seems to work sonsummately >>>>>Ember.$.getJSON('http://localhost:8082/connection/testdb?tablename=members', function(data){ console.log(data.members[0].response);}) – sidharth Sep 15 '15 at 12:42
  • with your tags "ember g http-proxy posts" was needed to go cross server. – sidharth Sep 18 '15 at 05:30