Does RTC support CORS (Cross-Origin Resource)? Needed for a Javascript OSLC consumer
Hi,
Situation:
* Javascritp running in a Web UI want to access RTC OSLC from a different Domain
* The Browser don't allow this because of the Same Origin Policy (SOP).
* Modern Server could support this situation with CORS.
* I need this to access the OSLC rootservices and other do implement a Javascript OSLC consumer.
Question:
* Does RTC (or JTS) support CORS?
* If yes, how to enable it?
Observations:
* There is a "Cross Domain White List" Option at the advanced properties settings of JTS.
* Even if switched on the JTS Server never send back a Header like Access-Control-Allow-Origin: http://foo.example
* Interesting is the JTS Server give back the rootservives document but the Browser say No 'Access-Control-Allow-Origin' header is present on the requested resource.
Thanks in advance
Stefan
Accepted answer
Here is a way to do it, but you need to verify whether you can achieve what you want to do after getting the HTTP header.
1. Download the latest of Tomcat to replace the one shipped with CLM.
2. Install the new Tomcat.
3. Migrate the settings (server.xml, tomcat-user.xml and etc) and web applications to the new Tomcat.
4. Add a new filter to the Tomcat configuration as described in the document below.
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
5. Start the Tomcat server to verify.
The reason for a new Tomcat is that the CORS feature is implemented in Tomcat 7.0.41 and up while CLM ships with Tomcat 7.0.32.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55046
I tested with /jts/rootservices as mentioned in the original post. As I used a pattern "*" (allow all), the value of the HTTP request header "Origin" would appear in the response HTTP header "Access-Control-Allow-Origin" in my testing.
Comments
Lukas Steiger
Aug 27 '14, 5:55 a.m.I'm also interested in this. Did you find a solution?