-1

I am wokring on angular and rendering the SSRS report in app using package. My app is running on

http://localhost:52698/

and SSRS server is on different domain

http:\ssrsservername\ReportServer.

Report server main page rendered successfully. But when I click on any of reports than it gives me error of same origin.

Refused to display 'http://servername/ReportServer/Pages/ReportViewer.aspx?%2fSSRS%2fCascadingReport&rs:Command=Render' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

That's because I am calling report from different domain as per my research.

So, doing by some research I came to know that I need to enable CORS policy in SSRS server so I changes the global.asax file of SSRS with following code.

 <%@ Application Inherits="Microsoft.ReportingServices.WebServer.Global" %>
<%@ Import namespace="System.Web" %>
<%@ Import namespace="System.Security" %>

<script runat="server">
private static bool init;
private static object lockObject = new object();
void Application_BeginRequest(object sender, EventArgs e)
{
lock(lockObject)
{
    if (!init)
    {
        HttpContext context = HttpContext.Current;
        HttpResponse response = context.Response;
        string allow = @"Access-Control-Allow-Origin";

        // enable CORS
        response.AddHeader(allow, "http://localhost:52698/");
        response.AddHeader("X-Content-Security-Policy", "default-src *;");
        response.AddHeader(@"Access-Control-Allow-Credentials", "true");

        if (context.Request.HttpMethod == "OPTIONS")
        {
            response.AddHeader(@"Access-Control-Allow-Methods", "GET, POST");
            response.AddHeader(@"Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
            response.AddHeader(@"Access-Control-Max-Age", "1728000");
            response.StatusCode = 200;
            response.End();
            HttpApplication httpApplication = (HttpApplication)sender;
            httpApplication.CompleteRequest();
        }
        init = true;
    }
    else
    {
        init = false;
    }
}

}

But still getting error same error. I followed some articles articles and answers but didn't work for me.

I am new to this and didn't know what to do now and also don't know whats wrong with configurations. What is the correct way to apply CORS policy for SSRS.

I'd appreciate any help. Thanks!

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Virender Thakur
  • 327
  • 3
  • 12
  • Does this answer your question? [Understanding CORS](https://stackoverflow.com/questions/25845203/understanding-cors) – Liam Dec 04 '20 at 08:54
  • I know what is the problem and thanks for sharing this. But I am looking for solutions where these settings needs to add and any other way. – Virender Thakur Dec 04 '20 at 09:01
  • Remove whatever code the server for the `http://servername/ReportServer/Pages/ReportViewer.aspx` endpoint is using to add the X-Frame-Options response header to its responses — or else at least make it not set the value to "sameorigin". And that has nothing to do with any CORS configuration might also be set on the server. Whatever code it adding the X-Frame-Options header isn’t shown in the question, so the code snippet in the question is completely irrelevant. – sideshowbarker Dec 04 '20 at 09:53
  • @sideshowbarker Ok than what should be code instead of this code snippet. – Virender Thakur Dec 04 '20 at 10:30

1 Answers1

-1

For enabling CORS you need to specify which domain allow to make requests. The code above allow http://yoursourcedomain.com domain to make requests into the Report Server. You need to use domain on which the angular app run.

Try to replace the line: response.AddHeader(allow, "http://yoursourcedomain.com"); with response.AddHeader(allow, "http://localhost:52698/");

Dávid Gergely
  • 25
  • 7