I want to call REST services from my Angular app. However, these REST services are hosted on WLP and are part of a WAR file developed by some company a while ago, i.e. we have no source code. I can call GET methods without any issues from Postman; I just need to set authentication and accept headers. However, calling these GET methods from Angular via web browsers will trigger a preflight request (OPTIONS) without the Authentication header prop. It seems to me that OPTIONS requests are triggered by the browsers and Angular cannot set headers for them. I confirmed OPTIONS requests need authentication by running requests via Postman with and without the auth header prop. Similar problems were discussed in other posts on Stack Overflow, but in such cases people had control over their server-side code and could alter it to avoid authentication headers for OPTIONS requests. Clearly, in my case, I cannot do that.

My question is if there is a possibility to configure WLP to not ask for authentication header prop in case of OPTIONS-requests (seems to be configurable for Apache web servers and Tomcat)?

Kind regards A.H.

BTalker

1 Answer

Even without source, you should be able to edit web.xml and modify the security-constraints to punch a hole for OPTIONS.

covener
  • Do you maybe know how? What if the source code contains filters, i.e. possibly defining how OPTIONS requests are being handled (with/without the auth prop)? – BTalker Apr 04 '16 at 13:06
  • You're stuck if it's access control in a filter. But at least check web.xml and try. http://stackoverflow.com/questions/8069640/whitelist-security-constraint-in-web-xml – covener Apr 04 '16 at 14:09
  • What should I look for in web.xml? – BTalker Apr 05 '16 at 06:29
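
What the answer's suggestion can look like in `WEB-INF/web.xml`, as an added example that is neither the WAR's actual descriptor nor code from either poster. The URL pattern, resource names and role name are assumed placeholders.

```xml
<!-- Constructed fragment of WEB-INF/web.xml. /rest/*, the resource names and
     the role api-user are placeholders; use the values already in the WAR. -->

<!-- Existing constraint (left unchanged): with no <http-method> element it
     covers every method, so the browser's OPTIONS preflight is challenged. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>rest-api</web-resource-name>
    <url-pattern>/rest/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>api-user</role-name>
  </auth-constraint>
</security-constraint>

<!-- Added constraint: same url-pattern, OPTIONS only, and deliberately no
     <auth-constraint>. When constraints on the same pattern and method are
     combined, one without an auth-constraint allows unauthenticated access,
     so only OPTIONS is opened; GET, POST, etc. still require the role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>rest-api-preflight</web-resource-name>
    <url-pattern>/rest/*</url-pattern>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
</security-constraint>
```

This only removes the container's authentication challenge for OPTIONS; the application still has to answer the preflight with the CORS response headers. As noted in the comments, access control implemented in a filter is not affected by `web.xml`.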