It's all about the answers!

Ask a question

Does RTC support CORS (Cross-Origin Resource)? Needed for a Javascript OSLC consumer


Stefan Hufnagl (29411519) | asked May 15 '14, 1:54 a.m.
 Hi,

Situation:
* Javascritp running in a Web UI want to access RTC OSLC from a different Domain
* The Browser don't allow this because of the Same Origin Policy (SOP).
* Modern Server could support this situation with CORS.
* I need this to access the OSLC rootservices and other do implement a Javascript OSLC consumer.

Question:
* Does RTC (or JTS) support CORS?
* If yes, how to enable it? 

Observations:
* There is a "Cross Domain White List" Option at the advanced properties settings of JTS.
* Even if switched on the JTS Server never send back a Header like Access-Control-Allow-Origin: http://foo.example
* Interesting is the JTS Server give back the rootservives document but the Browser say  No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks in advance

Stefan

Comments
Lukas Steiger commented Aug 27 '14, 5:55 a.m.

 I'm also interested in this. Did you find a solution?

Accepted answer


permanent link
Donald Nong (14.3k213) | answered Aug 28 '14, 6:00 a.m.
Here is a way to do it, but you need to verify whether you can achieve what you want to do after getting the HTTP header.
1. Download the latest of Tomcat to replace the one shipped with CLM.
2. Install the new Tomcat.
3. Migrate the settings (server.xml, tomcat-user.xml and etc) and web applications to the new Tomcat.
4. Add a new filter to the Tomcat configuration as described in the document below.
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
5. Start the Tomcat server to verify.

The reason for a new Tomcat is that the CORS feature is implemented in Tomcat 7.0.41 and up while CLM ships with Tomcat 7.0.32.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55046

I tested with /jts/rootservices as mentioned in the original post. As I used a pattern "*" (allow all), the value of the HTTP request header "Origin" would appear in the response HTTP header "Access-Control-Allow-Origin" in my testing.
Stefan Hufnagl selected this answer as the correct answer

Your answer


Register or to post your answer.