It's all about the answers!

Ask a question

Cross-domain request in Firefox to get DWA data into an OpenSocial gadget in RQM


Leire Torres (36721) | asked Oct 01 '15, 9:45 a.m.
edited Oct 01 '15, 11:29 a.m. by Mehul Patel (9695)
I am developing an OpenSocial gadget (JavaScript language) for RQM (Rational Quality Manager) that gets information from DWA (Doors Web Access). The gadget is running on RQM (https://:9443/) and I want to make request to the DWA (https://:8443/).

The gadget runs correctly in IE, but when I run in Firefox I get the following error:

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading
> the remote resource at https://<host>:8443/xxxx. (Reason: CORS header
> 'Access-Control-Allow-Origin' missing). <unknown> Cross-Origin Request
> Blocked: The Same Origin Policy disallows reading the remote resource
> at https://<host>:8443/xxxx. (Reason: CORS request failed). <unknown>

What could be the issue and what can I do? Is there anything I can do on the client side? Is DWA compatible with CORS (Cross-origin resource sharing)?

Thanks in advance!

One answer



permanent link
Donald Nong (14.5k614) | answered Oct 02 '15, 1:59 a.m.
This is explained in details in the below article (also on why IE works)
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

If you are using Tomcat and would like to configure CORS, check out the answer in this post.
https://jazz.net/forum/questions/151485/does-rtc-support-cors-cross-origin-resource-needed-for-a-javascript-oslc-consumer

Comments
Leire Torres commented Oct 08 '15, 4:43 a.m. | edited Oct 11 '15, 7:36 p.m.

 Thanks for the answer Donald.


I tried the steps you mention in the other post but I can´t achieve what I want.

The Tomcat version the CLM uses is 7.0.54, so I skip the first 3 steps and I started adding a new filter to the Tomcat configuration as described in the document; adding to the JTS/conf/web.xml file the next lines:

<!-- ================== Built In Filter Definitions ===================== -->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>

<!-- ==================== Built In Filter Mappings ====================== -->
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

But when I execute the OpenSocial gadget from Firefox, still the following error appears: 

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<host>:<port>/jts/rootservices. (Reason: CORS header 'Access-Control-Allow-Origin' missing). 

The request I made from Javascript is:

var rootServices = new XMLHttpRequest();
rootServices.onreadystatechange = function() 
{
if (rootServices.readyState == 4 && rootServices.status == 200)
{
//do something
}
}
rootServices.open('GET', 'https://<host>:<port>/jts/rootservices', true);
rootServices.send(null);

What could be the issue and what can I do?

Thanks in advance!


Leire Torres commented Oct 09 '15, 4:02 a.m. | edited Oct 09 '15, 4:03 a.m.

Thanks for the answer Donald.


I tried the steps you mention but still the same error appears.


Donald Nong commented Oct 11 '15, 7:43 p.m.

Have you checked the request/response headers? To make this work, you should have the response "Access-Control-Allow-Origin" header match the request "Origin" header.



Leire Torres commented Oct 14 '15, 6:47 a.m. | edited Oct 14 '15, 7:09 a.m.

Sorry dnong, but I have just realized that I see these response headers only when Allow-Control-Allow-Origin: * Chrome extension is enabled. 


Is there something equivalent for Firefox? Or how can I avoid using these extensions?


Donald Nong commented Nov 03 '15, 11:41 p.m.

Have you been able to do this? IIRC, the "Access-Control-Allow-Origin" response header is returned by Tomcat (or whatever the application server), so using a Chrome extension is just a "hack". There should be no need for any extra settings on the client side.


Leire Torres commented Jan 12 '16, 3:21 a.m.

Yes, finally I got it. The request I made from Javascript was wrong.

Thank you for all your assistance.

showing 5 of 7 show 2 more comments

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.