0

I have been trying to get javascript to consume a SOAP service for days and cannot get it to work. It will work in Excel, SOAP-UI, Fiddler, Flex, but not in HTML/Javascript. Any help would be appreciated.

So far I have looked at a simple example at Simplest SOAP example. I followed the code there substituting the appropriate parts for my web service. The errors I get all seem to point to the common CORS errors.

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.

I have looked all around to find out why that is the case and tried all sorts of solutions but none have worked.

Here is my code to call the webservice

<script type="text/javascript">
    function soap() {
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open('POST', 'https://myurl', true);

        // build SOAP request
        var sr =
        '<?xml version="1.0" encoding="UTF-8"?>' + 
    '<soap:Envelope ' +
    'xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" ' + 
    'xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" ' + 
    'xsi:schemalocation="http://schemas.xmlsoap.org/soap/envelope/">' +
    '<soap:Body>' +
    '<mymethod xmlns="http://my.com/server/">' +
    '<Key>123456789</Key>' +
    '</mymethod>' +
    '</soap:Body></soap:Envelope>';

     xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4) {
                if (xmlhttp.status == 200) {
                    alert('done. use firebug/console to see network response');
                }
            }
        }
        // Send the POST request
        xmlhttp.setRequestHeader('Content-Type', 'text/xml');
        xmlhttp.setRequestHeader('Authorization', 'Basic myusername/password here');
        xmlhttp.send(sr);
    }
</script>

The HTML is just a button to run the javascript. When I click it I get two errors:

OPTIONS xxxxxxxxxxxxxx 403 (Forbidden)

(xxxxxxxxxxxxx is my url) and

https://xxxxxxxxxxxxxxxxxxxxx: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.

Any ideas why this wouldn't be working? Another big questions is why does it work in Fiddler and not on my web page? I used Fiddlers composer tab and entered in pretty much the same information detailed above and it works fine.

Thanks.

Matt
  • 128
  • 1
  • 8
  • Use a proxy on your server. Fiddler is not subject to CORS restrictions the way browsers are. That API is not CORS enabled. Not an uncommon problem easily solved using a proxy – charlietfl Jan 09 '18 at 01:02
  • Ok, good info. I will look around and see what I can find out about that and come back if I have more questions. – Matt Jan 09 '18 at 02:40

1 Answers1

0

In case anyone comes here looking for an answer, here is what I came up with.

Based on the suggestion above to use a proxy I looked around and found no way to use a proxy (the service is coming from an old mainframe with other components cobbled together). But, building off that idea here is what I did.

I am using ColdFusion as the web server. It has the ability to use .NET dlls. So, I created a DLL that would access the SOAP service and return a result. I was able to capture this result in the ColdFusion page (using jquery/javascript) and use it just like I called it directly from Javascript.

So, I suppose this might be what was meant by using a proxy like charlietfl mentioned above.

Matt
  • 128
  • 1
  • 8