EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Enabling CORS in TElHTTPSServer

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#35376
Posted: 01/05/2016 05:22:07
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Hi
Using TElHTTPSServer I have created small HTTP server, which is simulating REST services server. On the other hand I am having ASP.NET application and there I am calling services from my TElHTTPSServer hosted on local host from JavaScript. Here we come to the CORS (cross-origin resource sharing), or possibility that JavaScript downloaded from one server, have to call services on another. This works by default in Internet Explorer, but in Firefox and Chrome some additional work has to be done. At least server needs to add the following header to its response:
Quote
Access-Control-Allow-Origin: *
. I have tried with
Code
m_currentResponse.CustomHeaders.Add("Access-Control-Allow-Origin", "*");

but it does not help. I am confused about this, so could you please explain me why property of TElHTTPServerResponseParams is called CustomHeaders? Are there some "custom" and some "standard" headers? Let me explain why I am asking this.
For example when I set from JavaScript following:
Code
var request = new XMLHttpRequest();
request.open("PUT", url, true);
request.setRequestHeader('Authorization', 'blah-blah');
request.send();

on server side I have this 'Authorization' header in property Authorization of TElHTTPServerRequestParams, but still on same class I have property CustomHeaders, which somehow confuses me. Is for example Authorization part of some "standard" headers so you put a property Authorization as a convenience for programmers? If so how can I set some other "standard" headers?
#35377
Posted: 01/05/2016 05:39:32
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

TElHTTPServerRequestParams class has separate properties for widely used headers like "Authorization". On the other hand "Access-Control-Allow-Origin" is not a widely used header and can be accessed via TElHTTPServerRequestParams.CustomHeaders property.

Quote
If so how can I set some other "standard" headers?

Please use TElHTTPServerRequestParams.CustomHeaders for headers that do not have separate properties.

Quote

but it does not help

This code doesn't include the header or its included, but JS still doesn't work?
#35379
Posted: 01/05/2016 05:43:21
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Quote
This code doesn't include the header or its included, but JS still doesn't work?

Well it doesn't work. When I turned on fiddler I get warning as in picture attached. Could that be a reason?


#35380
Posted: 01/05/2016 05:51:43
by Vsevolod Ievgiienko (EldoS Corp.)

I see the reason. The correct code should be:

Code
m_currentResponse.CustomHeaders.Add("Access-Control-Allow-Origin: *"); // one parameter
#35381
Posted: 01/05/2016 06:08:18
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Yup, now fiddler does not show a warning. However still this does not work with Firefox and Chrome :(
Firefox and Chrome are showing that request status is 0, although I set it in my TElHTTPSServer to 200.
It is working with IE and Edge (but it worked before as well, I mean before I tried to set Access-Control-Allow-Origin header).
#35382
Posted: 01/05/2016 06:12:29
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

And one thing more. The value for Access-Control-Allow-Origin now is =* and it should be only *. Maybe there is a catch?

Access-Control-Allow-Origin: =*


#35383
Posted: 01/05/2016 06:58:24
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
Access-Control-Allow-Origin: =*

What SecureBlackbox version do you use? It works correctly with the latest 14th build.
#35384
Posted: 01/05/2016 07:15:13
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Quote
Vsevolod Ievgiienko wrote:
What SecureBlackbox version do you use? It works correctly with the latest 14th build.


I am using 14.0.285.0
#35385
Posted: 01/05/2016 07:28:59
by Eugene Mayevski (EldoS Corp.)

please re-check that you add the custom header only once and only by calling headers.Add() method with one parameter, not as ("name", "value"). The situation you describe can't happen if you add the complete line - there's no room for '=' to be inserted.


Sincerely yours
Eugene Mayevski
#35387
Posted: 01/05/2016 08:39:35
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Oh, I'm sorry I overlooked Vsevolod answer that I have to use command with one parameter. Now when I changed to that GET requests are working :)

But funny thing is going on with PUT/POST requests. While IE and Edge are sending immediately PUT or POST request, Firefox and Chrome first are sending OPTIONS request. I don't know how to answer on that. My request looks like this:
Code
var request = new XMLHttpRequest();
request.open("PUT", url, true);
request.setRequestHeader('Authorization', result[0]);
request.send();
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 3829 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!