Can't enable CORS on rest/login

[Ualas Rohrer]

Guys, how are you?

I'm trying to enable CORS on the rest api.

I've added the below code to webapps/rest/WEB-INF/web.xml. It enables CORS on the items endpoint but not on the login endpoint, find attached screenshots,

  <filter-name>CorsFilter</filter-name>

  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

  <init-param>

    <param-name>cors.allowed.origins</param-name>

    <param-value>*</param-value>

  </init-param>

  <init-param>

    <param-name>cors.allowed.methods</param-name>

    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>

  </init-param>

  <init-param>

    <param-name>cors.allowed.headers</param-name>

    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,rest-dspace-token</param-value>

  </init-param>

  <init-param>

    <param-name>cors.exposed.headers</param-name>

    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>

  </init-param>

  <init-param>

    <param-name>cors.preflight.maxage</param-name>

    <param-value>10</param-value>

  </init-param>

</filter>

  <init-param>

    <param-name>cors.support.credentials</param-name>

    <param-value>true</param-value>

  </init-param>

<filter-mapping>

  <filter-name>CorsFilter</filter-name>

  <url-pattern>/*</url-pattern>

</filter-mapping>

I've tried many different settings, but couldn't get it to work.

Can someone help me?

Thanks,

Ualas

[Ualas Rohrer]

Someone help me, please.

[Tim Donohue]

Hello,

Unfortunately, I've never tried to enable CORS with the existing REST API (for DSpace 5 or 6), so I don't know the answer here.  But, I did notice that in your configuration the <init-param> for "cors.support.credentials" seems to be *outside* of the </filter> end tag, which seems incorrect.  I'm not sure if that is the problem or if there's something else going on here.

It's also worth noting that in the upcoming DSpace 7 release, the new REST API supports CORS out-of-the-box (without special Tomcat configuration, etc).  But, I've no experience with using the Tomcat "CorsFilter" to try to enable CORS for the current REST API.  Maybe someone else on this list has tried, or is interested in collaborating on this.

Tim

---

From: dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf of Ualas Rohrer <uala...@gmail.com>
Sent: Friday, August 2, 2019 11:56 AM
To: DSpace Technical Support <dspac...@googlegroups.com>
Subject: [dspace-tech] Re: Can't enable CORS on rest/login

 

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/1be40d78-7ed5-4e2c-8f9e-ad0905ad755d%40googlegroups.com.

[Ualas Rohrer]

Hi Tim, thank you for answering.

I've put the cors.support.credentials inside the filter tag. And you're right, there is something else happening here. I've tried many combination of the setting and didn't get it to work.

The weird is that the CORS is enables for all the other endpoints except for login.

Anyway, thanks for you answer. I'm still looking forward to solve it.