Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

CORS-Error: OpenSocial-Widget for Jazz-Dashboard fails to request Data from Server

Questions
Tags
Users
Badges
Aida Bisevac
(111) Apr 30 '21, 6:48 a.m.

 Hi guys!

I'm creating an OpenSocial-Widget for the Jazz-Teamserver-Dashboard, which categorizes all Work-Items from different Project-Areas.
I was told to upload the widget to a GitHub-Repo and access it from the Jazz-Dashboard via URL.


When adding the widget, it is loaded, but fails to request the data from the server, because of the CORS-Policy of the Browser.

I've read a lot of posts about this issue, but the answers always implement direct access to the server, in order to fix the problem (e.g. change CORS settings in the server or storing the widget directly on the server).

Since I dont have direct access to the Jazz-Teamserver, those solutions don't help much.

Does anyone know, if theres another way to fix this, without having direct access to the server?
Is there anything I can do to make the request work?

I really need your help, because I'm trying to fix this issue for weeks now. Nothing works.

Thanks in advance!

0 votes

3 answers
2,069 views
0 votes

3 answers

Permanent link
Ian Barnard
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (2.3k714) edited
May 04 '21, 4:44 a.m.
Does anyone know, if there's another way to fix this, without having direct access to the server?

I don't believe there is: modern browsers won't let a widget/javascript on a page from one server access a different server, it's a well-known historic attack vector which has been largely overcome with CORS. Jazz has whitelists for its proxy that allow a widget to talk through it to the remote server - but you need someone to approve/configure that on the server. As your widget might have access to any data that the logged-in user has, this constraint is quite understandable.

1 vote

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) Apr 30 '21, 10:45 a.m.
I have read up on CORS in https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS what it does and why. You should as well.

It seems to be a safety measure that is supposed to protect users from being redirected to malicious sites. The task is shared in server and client/browser.

So unless you can deploy on your server, change the server settings to trust your other site or trick the client in ignoring CORS, your widget is likely not going to work.

0 votes

Permanent link
Davyd Norris
(3.0k217) Apr 30 '21, 9:29 p.m.
From memory I believe you need to add the remote server to the whitelist on the Jazz server and then it will set up the necessary permissions. See:

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,492
× 1,321

Question asked: Apr 30 '21, 6:48 a.m.

Question was seen: 2,069 times

Last updated: May 04 '21, 4:44 a.m.

Confirmation Cancel Confirm