I have a .Net website, hosted on an intranet web server. On the .Net site I have a basic jquery ajax call to our mirth machine. I'm trying to hit the client apis that are provided with the base install of mirth.

We are running mirth 3.9.1, with a default mirth.properties page, so the CORS settings should be correct.

I've tried a variety of settings in mirth.properties (and restarted mcservice between changes) and a variety of $.ajax settings, but cannot seem to find the right mix.

According to this answer (https://stackoverflow.com/a/47096927/505829), I should be able to use basic authentication, but even if I have to make two calls, I'm OK with that; I just need something that works. Though one call would be preferred.

Here is the ajax call:

                $.ajax
                ({
                    type: "GET",
                    url: "https://ngmaintst01:8443/api/channels",
                    dataType: 'json',
                   // username: username,
                   // password: password,
                   // crossDomain: true,
                    beforeSend: function (xhr) {
                        xhr.setRequestHeader('Authorization', 'Basic ' + btoa(username + ":" + password));
                    },
                    xhrFields: {
                        withCredentials: true
                    },
                   // headers: {
                   //   "Authorization": "Basic " + btoa(username + ":" + password)
                   // },
                    success: function () {
                        alert('success');
                    }
                });

Here is the mirth properties:

    # CORS headers
    server.api.accesscontrolalloworigin = *
    server.api.accesscontrolallowcredentials = false
    server.api.accesscontrolallowmethods = GET, POST, DELETE, PUT
    server.api.accesscontrolallowheaders = Content-Type
    server.api.accesscontrolexposeheaders =
    server.api.accesscontrolmaxage =

If I take the one-call approach, illustrated above, in Chrome's dev console I get:

(failed)net::ERR_FAILED 

If I take a two-call approach (below), the first call is successful (code 200), and the second gets the same error as the single-call approach, '(failed)net::ERR_FAILED'. This time it appears the second call does NOT go out with the cookie session data, which is why a single-call approach may be ideal.

    $.ajax({
        type: 'POST',
        url: 'https://' + APPLIANCE + ':8443/api/users/_login',
        contentType: 'application/x-www-form-urlencoded',
        dataType: 'xml',
        data: { username: username, password: password },
        success: function (data, textStatus, jqXHR) {

            //alert(textStatus);
            $.ajax({
                type: 'GET',
                url: 'https://' + APPLIANCE + ':8443/api/channels/' + channelid + '/statistics',
                dataType: 'xml',
                crossDomain: true,
                xhrFields: { withCredentials: true },
                //data: data,
                //success: function(data, textStatus, jqXHR){ alert(textStatus); },
                //error: function(jqXHR, textStatus, errorThrown){ alert(textStatus);}
            });
        },
        error: function (jqXHR, textStatus, errorThrown) { alert(textStatus); }
    });

Todd Horst
  • What errors, problems, or data are you getting with your current calls? HTTP 401/403? Specific CORS errors in the logs? – Freiheit Sep 24 '20 at 19:56

1 Answer


I was able to get this working with some help from the mirth folks on slack. There is a "problem" in that, as far as I know, it will only support one web server. So I either need to have both my test and prod site on this one server, or no test.

Alternatively, I will just use a proxy back-end service to circumvent CORS altogether. So my local JS will call my local proxy server, which will forward the request on to Mirth's API.

Still, for posterity, here is how to get CORS to work.

(One possible feature for Mirth to implement would be a dynamic accesscontrolalloworigin, where you provide an 'access list' of domains and, so long as the request is coming from one of those domains, it dynamically spits out that server's name. This would enable me to have multiple servers calling these APIs, à la "Access-Control-Allow-Origin Multiple Origin Domains?")

    # CORS headers
    server.api.accesscontrolalloworigin = https://MyDomainServer
    server.api.accesscontrolallowcredentials = true
    server.api.accesscontrolallowmethods = GET,HEAD,OPTIONS,POST,PUT
    server.api.accesscontrolallowheaders = Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
    server.api.accesscontrolexposeheaders =
    server.api.accesscontrolmaxage =

    $.ajax({
        type: "GET",
        url: "https://MirthAppliance:8443/api/channels",
        dataType: 'json',
        xhrFields: {
            withCredentials: true
        },
        headers: {
            "Authorization": "Basic " + btoa(username + ":" + password)
        },
        success: function () {
            //alert('success');
        },
        error: function (xhr, status, error) {
            var errorMessage = xhr.status + ': ' + xhr.statusText;
            // alert('Error - ' + errorMessage);
        }
    });

Todd Horst
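
The browser-side checks behind this fix, together with the allowlist-based origin echo the answer suggests, as an added example that is not part of the original post or of Mirth's code. The default header values come from the question's mirth.properties; the function names, `ALLOWLIST` and the `intranet.example` origins are constructed for illustration.

```javascript
// Added example. Models the browser's CORS checks for a credentialed request.
// Function names, ALLOWLIST and the *.intranet.example origins are constructed.

// Browser side: may a withCredentials request from `origin` sending `reqHeaders` proceed?
function browserAllows(origin, reqHeaders, resp) {
  // In credentialed mode "*" is not accepted; the origin must be echoed exactly.
  if (resp['Access-Control-Allow-Origin'] !== origin) return 'blocked: origin';
  if (resp['Access-Control-Allow-Credentials'] !== 'true') return 'blocked: credentials';
  const allowed = (resp['Access-Control-Allow-Headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase());
  // Authorization is not a safelisted header, so the preflight must list it.
  for (const h of reqHeaders) {
    if (!allowed.includes(h.toLowerCase())) return 'blocked: header ' + h;
  }
  return 'allowed';
}

// Server side: the "access list" idea from the answer. Exact string match only;
// suffix or substring matching would admit look-alike origins.
function corsHeadersFor(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) return {}; // no CORS headers at all
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
    'Vary': 'Origin', // keep caches from serving one origin's response to another
  };
}

// Default mirth.properties values from the question.
const DEFAULT_CONFIG = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'false',
  'Access-Control-Allow-Headers': 'Content-Type',
};
const ALLOWLIST = ['https://test.intranet.example', 'https://prod.intranet.example'];

function demo() {
  const site = 'https://test.intranet.example';
  return {
    defaults: browserAllows(site, ['Authorization'], DEFAULT_CONFIG),
    echoed: browserAllows(site, ['Authorization'], corsHeadersFor(site, ALLOWLIST)),
    lookalike: corsHeadersFor('https://prod.intranet.example.attacker.test', ALLOWLIST),
  };
}
console.log(demo());
```

The same decision logic fits in the proxy back end mentioned in the answer, where it lets both a test and a prod site reach the API without widening the origin to `*`.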