1

I have an openIDM program and when users submit for update new password , it show "X-openIDM-Reauth-Password" which include my old password that i need to retype. Following is the screen shot from openidm side. enter image description here

So, i have my own UI and i was request from javascript ajax side with following ajax call. 

$.ajax({
        contentType: "application/json; charset=UTF-8",
        datatype: 'json',
        url: targetHost+"openidm/managed/user/"+userId,     
        xhrFields: {
            withCredentials: true,
        },
        headers: {
                    "X-Requested-With":"XMLHttpRequest" ,
                    "X-OpenIDM-Reauth-Password": oldPassword
                },
        crossDomain:true,

        data: JSON.stringify(data),
        type: 'PATCH',   
        success:function(result) {
            console.log("success");
            swal({
                title: updateSuccessMsgs.formSubmit.slogan,
                text: updateSuccessMsgs.formSubmit.success,
                type: "success"
            }, function() {
                window.location = "my-profile.html";
            });
        },
        error:function (error){
            sweetAlert(updateErrorMsgs.updateError.slogan, updateErrorMsgs.updateError.fail, "error");
            console.log(error);
        }
     });

and it throw me this error. 

XMLHttpRequest cannot load http://localhost:9090/openidm/managed/user/09096425-4ff1-42d4-8a4d-3a6b5004afca. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

Can someone explain me why? Appreciate it.

Achilles
  • 411
  • 1
  • 5
  • 27
  • 1
    lookup **CORS** - the server isn't sending headers to allow the client to "access" the resources - note: as this is a *preflight* error, it could simply be that the server doesn't understand what to do with an **OPTIONS** request method – Jaromanda X Jul 03 '17 at 04:48
  • 1
    You need to add `Access-Control-Allow-Origin:*` header on server also . – Atul Sharma Jul 03 '17 at 05:04

1 Answers1

1

I found the solution. I try to add one more value in servletfilter-cors.json as follow. I added the value of "X-OpenIDM-Reauth-Password" in "allowedHeaders" and it is success. 

{
    "classPathURLs" : [ ],
    "systemProperties" : { },
    "requestAttributes" : { },
    "scriptExtensions" : { },
    "initParams" : {
        "allowedOrigins" : "*",
        "allowedMethods" : "GET,POST,PUT,DELETE,PATCH",
        "allowedHeaders" : "accept,x-openidm-password,x-openidm-nosession,x-openidm-username,content-type,origin,X-OpenIDM-Reauth-Password,x-requested-with",
        "allowCredentials" : "true",
        "chainPreflight" : "false"
    },
    "urlPatterns" : [
        "/*"
    ],
    "filterClass" : "org.eclipse.jetty.servlets.CrossOriginFilter"
}
Achilles
  • 411
  • 1
  • 5
  • 27