You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@unomi.apache.org by Oliver Cabral Jorge <ol...@gmail.com> on 2020/11/16 14:37:24 UTC

CORS issue when calling context.json from web

Hello,

I'm trying to call an Apache UNOMI login Event through the web using the
context.json endpoint but I'm getting a CORS error when calling it.

The environment I'm using is:


   - UNOMI 1.5.1
   - running on Windows 10
   - with IIS installed
   - my page and javascript located at localhost:80
   - Unomi endpoints located at localhost:8181

The code I'm using to interact with the UNOMI endpoint is:

var sessionID = getCookieSessionIDInfo();
//JSON used for loginvar contextData = {
    "source": {
        "itemId":"sample",
        "itemType":"webPage",
        "scope":"loginTest"
    },
    "events": [{
        "eventType": "login",
        "properties": {"EMAIL": email}
    }],
    "requiredProfileProperties":['NAME', 'EMAIL']
}
            // Create a request variable and assign a new
XMLHttpRequest object to it.var request = new XMLHttpRequest();
            // Open a new connection, using the GET request on the URL endpoint
request.open('POST',
'http://localhost:8181/context.json?sessionId='+sessionID, true);
request.withCredentials = true;
request.setRequestHeader("X-Unomi-Peer", "<configured key here>");
//necessary for allowed events

request.onload = function () {
    // Begin accessing JSON data here
    if (request.status >= 200 && request.status < 400) {
        var data = JSON.parse(this.response);
        console.log("do whatever I want with JSON reply");
    } else {
        console.log("not working");
    }
}
// Send request
request.send(JSON.stringify(contextData));

When I run it, I'm getting CORS error as below:

Access to XMLHttpRequest at
'http://localhost:8181/context.json?sessionId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'from
origin 'http://localhost' has been blocked by CORS policy: Request
header field x-unomi-peer is not allowed by
Access-Control-Allow-Headers in preflight response.

I cannot remove the X-Unomi-Peer header out of the request as this is
necessary for those events to be validated from a third party server
(localhost:80, in this situation).

My question is: *how do I fix the CORS error when calling UNOMI events
passing the necessary header?*

What I've tried so far:
1 - Added request header as on Unomi manual

As instructed at Unomi manual
http://unomi.apache.org/manual/latest/index.html on section 11.4.2, I have
added the text/plain as a header before calling, but it didn't work

request.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
// Use text/plain to avoid CORS preflight

This is the same solution describe in this thread: Unomi Karaf CXF CORS
issue to access REST API
<https://stackoverflow.com/questions/49146548/unomi-karaf-cxf-cors-issue-to-access-rest-api>
2 - Updated web.config on my root directory

Sites https://www.w3.org/wiki/CORS_Enabled and
https://docs.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference
shows
the same solution, to update the web.config allowing the x-unomi-peer
header (or any other header needed).

Based on that, I have added the bellow code into my webpage root directory.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Headers" value="X-Unomi-Peer" />

I also tried to add this as a new piece of code before the requests call as
explained in this CORS article
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests.

request.setRequestHeader("Access-Control-Allow-Headers", "*");
request.setRequestHeader("Access-Control-Allow-Origins", "*");

None of the above solutions worked.

Finally, I tried to look for CORS related configuration at the
custom.system.properties configuration file but there is no entry there
related to it.

I also tried to look at the issues tracking at the
https://issues.apache.org/jira/browse/
 but I could not find anything similar to it. Basically there are three
threads on UNOMI-88, UNOMI-170 and UNOMI-171 but they are not the same
issue or they are fixed already.

I'm getting out of ideas here. Any help is very much appreciated!

Thanks!

-- 
----------------------------------------
Oliver Cabral Jorge
email: olivercj@gmail.com
cel:    (41) 9548 1000
----------------------------------------