Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Cross-domain request in Firefox to get DWA data into an OpenSocial gadget in RQM

Questions
Tags
Users
Badges
Leire Torres
(36721) edited
Oct 01 '15, 11:29 a.m.
I am developing an OpenSocial gadget (JavaScript language) for RQM (Rational Quality Manager) that gets information from DWA (Doors Web Access). The gadget is running on RQM (https://:9443/) and I want to make request to the DWA (https://:8443/).

The gadget runs correctly in IE, but when I run in Firefox I get the following error: 

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading
> the remote resource at https://<host>:8443/xxxx. (Reason: CORS header
> 'Access-Control-Allow-Origin' missing). <unknown> Cross-Origin Request
> Blocked: The Same Origin Policy disallows reading the remote resource
> at https://<host>:8443/xxxx. (Reason: CORS request failed). <unknown>

What could be the issue and what can I do? Is there anything I can do on the client side? Is DWA compatible with CORS (Cross-origin resource sharing)?

Thanks in advance!

0 votes

1 answer
7,208 views
0 votes

One answer

Permanent link
Donald Nong
(14.5k614) Oct 02 '15, 1:59 a.m.
This is explained in details in the below article (also on why IE works)
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

If you are using Tomcat and would like to configure CORS, check out the answer in this post.
https://jazz.net/forum/questions/151485/does-rtc-support-cors-cross-origin-resource-needed-for-a-javascript-oslc-consumer

0 votes

Comments
Leire Torres
Oct 11 '15, 7:36 p.m.

 Thanks for the answer Donald.


I tried the steps you mention in the other post but I can´t achieve what I want.

The Tomcat version the CLM uses is 7.0.54, so I skip the first 3 steps and I started adding a new filter to the Tomcat configuration as described in the document; adding to the JTS/conf/web.xml file the next lines:

<!-- ================== Built In Filter Definitions ===================== -->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>

<!-- ==================== Built In Filter Mappings ====================== -->
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

But when I execute the OpenSocial gadget from Firefox, still the following error appears: 

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<host>:<port>/jts/rootservices. (Reason: CORS header 'Access-Control-Allow-Origin' missing). 

The request I made from Javascript is:

var rootServices = new XMLHttpRequest();
rootServices.onreadystatechange = function() 
{
if (rootServices.readyState == 4 && rootServices.status == 200)
{
//do something
}
}
rootServices.open('GET', 'https://<host>:<port>/jts/rootservices', true);
rootServices.send(null);

What could be the issue and what can I do?

Thanks in advance!

Leire Torres
Oct 09 '15, 4:03 a.m.

Thanks for the answer Donald.


I tried the steps you mention but still the same error appears.

Donald Nong
Oct 11 '15, 7:43 p.m.

Have you checked the request/response headers? To make this work, you should have the response "Access-Control-Allow-Origin" header match the request "Origin" header.

Leire Torres
Oct 14 '15, 5:24 a.m.

Yes, I checked them with Advanced Rest Client Chrome extension and this is what I get:


Request headers:

Leire Torres
Oct 14 '15, 7:09 a.m.

Sorry dnong, but I have just realized that I see these response headers only when Allow-Control-Allow-Origin: * Chrome extension is enabled. 


Is there something equivalent for Firefox? Or how can I avoid using these extensions?

Donald Nong
Nov 03 '15, 11:41 p.m.

Have you been able to do this? IIRC, the "Access-Control-Allow-Origin" response header is returned by Tomcat (or whatever the application server), so using a Chrome extension is just a "hack". There should be no need for any extra settings on the client side.

Leire Torres
Jan 12 '16, 3:21 a.m.

Yes, finally I got it. The request I made from Javascript was wrong.

Thank you for all your assistance.

showing 5 of 7 show 2 more comments

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 10,939
× 198

Question asked: Oct 01 '15, 9:45 a.m.

Question was seen: 7,208 times

Last updated: Jan 12 '16, 3:21 a.m.

Confirmation Cancel Confirm