problem with CORS
3,098 views
Skip to first unread message
Stef2410
Jul 5, 2013, 9:25:58 AM7/5/13
to servic...@googlegroups.com
Hi,
can somebody help me with the problem that I describe in this stackoverflow question (a POST request with JQuery AJAX.) ?
I tried everything accrording to CORS guidelines.
CORS does not work for me, and I am desperated.
The same code, if I run it, on the server, with localhost or the external domain , it works perfect.
I can send an example, if it is required.
thank you.
Stefan
can somebody help me with the problem that I describe in this stackoverflow question (a POST request with JQuery AJAX.) ?
I tried everything accrording to CORS guidelines.
CORS does not work for me, and I am desperated.
The same code, if I run it, on the server, with localhost or the external domain , it works perfect.
I can send an example, if it is required.
thank you.
Stefan
Stef2410
Jul 5, 2013, 7:37:05 PM7/5/13
to servic...@googlegroups.com
I continue here my comments about the problem with CORS, that we discussed in stackOverflow
The message that I receive from IE10 (F12 Console)
is the following
SEC7118: XMLHttpRequest for http:/test.com:18162/TestAPI/CreateSomething required Cross Origin Resource Sharing (CORS).
JsonRest.html
SEC7119: XMLHttpRequest for http:/test.com:18162/TestAPI/CreateSomething required CORS preflight.
JsonRest.html
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
Demis Bellot
Jul 5, 2013, 7:45:34 PM7/5/13
to servic...@googlegroups.com
These don't really help, no-one here can see your traffic.
Paste the **full** HTTP Request and HTTP Response headers, in the exact sequence that they're sent.
Use that to make sure you're returning the appropriate headers - it's very likely what you think is happening, isn't.
--
You received this message because you are subscribed to the Google Groups "ServiceStack .NET Open Source REST Web Services Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servicestack...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
- Demis
Message has been deleted
Stef2410
Jul 5, 2013, 8:20:28 PM7/5/13
to servic...@googlegroups.com
What do you mean Demis ? I have wrote my code in Stackoverflow
I will do it again
this works on Chrome, not Firefox, IE10,Opera
$.ajax({
type: 'POST',
contentType: 'application/json',
url: serverIP + TestAPI/CreateTest',
data: JSON.stringify(TestRequest),
dataType: "json",
success: function (response, status) {
if (response.success) {
}
else {
}
},
error: function (xhr, err) {
alert(err);
} });
AppHost
SetConfig(new ServiceStack.WebHost.Endpoints.EndpointHostConfig
{
GlobalResponseHeaders =
{ //Signal advanced web browsers what HTTP Methods you accept
{ "Access-Control-Allow-Origin", "*" },
{ "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS" },
{ "Access-Control-Allow-Headers", "Content-Type" },
},
ReturnsInnerException = true,
WsdlServiceNamespace = "http://www.servicestack.net/types"
});
Routes
.Add<CreateReservationRequest>("/TestAPI/CreateTest", "POST,GET");
I have tried everything. is it something that works and I can correct, or not ?
Why Bruce Pars wrote in the community (today) that
"Our only PITA has been CORS, which we had to work around by using a local proxy controller method,
and a server-side web call to ServiceStack."
He refers only to older browsers ?
I will do it again
this works on Chrome, not Firefox, IE10,Opera
$.ajax({
type: 'POST',
contentType: 'application/json',
url: serverIP + TestAPI/CreateTest',
data: JSON.stringify(TestRequest),
dataType: "json",
success: function (response, status) {
if (response.success) {
}
else {
}
},
error: function (xhr, err) {
alert(err);
} });
AppHost
SetConfig(new ServiceStack.WebHost.Endpoints.EndpointHostConfig
{
GlobalResponseHeaders =
{ //Signal advanced web browsers what HTTP Methods you accept
{ "Access-Control-Allow-Origin", "*" },
{ "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS" },
{ "Access-Control-Allow-Headers", "Content-Type" },
},
ReturnsInnerException = true,
WsdlServiceNamespace = "http://www.servicestack.net/types"
});
Routes
.Add<CreateReservationRequest>("/TestAPI/CreateTest", "POST,GET");
I have tried everything. is it something that works and I can correct, or not ?
Why Bruce Pars wrote in the community (today) that
"Our only PITA has been CORS, which we had to work around by using a local proxy controller method,
and a server-side web call to ServiceStack."
He refers only to older browsers ?
Stef2410
Jul 5, 2013, 8:21:58 PM7/5/13
to servic...@googlegroups.com
Can I send you a test project ?
On Saturday, July 6, 2013 2:45:34 AM UTC+3, mythz wrote:
On Saturday, July 6, 2013 2:45:34 AM UTC+3, mythz wrote:
Stef2410
Jul 5, 2013, 8:35:24 PM7/5/13
to servic...@googlegroups.com
CHROME ( it does 2 requests actually, this is the second)
POST /TestAPI/CreateReservation HTTP/1.1
Connection: keep-alive
Content-Length: 622
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:28014
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Content-Type: application/json
Referer: http://localhost:28014/JsonRest.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en,el;q=0.8
--- Chrome Response
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Sat, 06 Jul 2013 00:29:22 GMT
IE10 Request
OPTIONS /TestAPI/CreateReservation HTTP/1.1
Accept: */*
Origin: http://localhost:28014
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: ucma4dev.umojo.com:18162
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Pragma: no-cache
---- Response IE10
HTTP/1.1 404 Not Found
Content-Length: 3
Content-Type: text/plain
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Sat, 06 Jul 2013 00:34:15 GMT
POST /TestAPI/CreateReservation HTTP/1.1
Connection: keep-alive
Content-Length: 622
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:28014
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Content-Type: application/json
Referer: http://localhost:28014/JsonRest.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en,el;q=0.8
--- Chrome Response
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Sat, 06 Jul 2013 00:29:22 GMT
IE10 Request
OPTIONS /TestAPI/CreateReservation HTTP/1.1
Accept: */*
Origin: http://localhost:28014
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: ucma4dev.umojo.com:18162
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Pragma: no-cache
---- Response IE10
HTTP/1.1 404 Not Found
Content-Length: 3
Content-Type: text/plain
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Sat, 06 Jul 2013 00:34:15 GMT
Demis Bellot
Jul 5, 2013, 9:12:21 PM7/5/13
to servic...@googlegroups.com
Not the code, the HTTP Headers, that's what you should be looking at when investigating interoperability issues.
So it looks like it works in Chrome? and in IE you're getting a 404 for an OPTIONS request, I told you about allowing OPTIONS using Global Request filter or allowing OPTION in custom routes in my answer, have you added it? because you shouldn't be getting a 404 if you did.
No sorry I don't have time to research individual issues, it's a good idea to learn how to investigate HTTP issues on your own.
--
You received this message because you are subscribed to the Google Groups "ServiceStack .NET Open Source REST Web Services Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servicestack...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Stef2410
Jul 5, 2013, 9:21:36 PM7/5/13
to servic...@googlegroups.com
Demis, at first to thank you for your fantastic help, for all of us.
I have tried everything 2 days now, I don't know what other to do.
I had answered in my comment, in stackoverflow, about OPTIONS. . Yes I did it . I wrote about that.
I will send the response again for OPTIONS.
Sorry, I did not ask you to research individual issues. I try only to understand if it happens only to me
or it is something else, beyond me.
thank you again
Stef2410
Jul 5, 2013, 9:46:29 PM7/5/13
to servic...@googlegroups.com
About options
this code, can't get it to compile,
RequestFilters.Add((httpReq, httpRes, requestDto) => {
if (httpReq.HttpMethod == "OPTIONS") httpRes.End(); });
IE10 => The Request/Response Headers are the same HTTP/1.1 404 Not Found
Chrome is succesfull again.
then you told me to test it removing the method filter from the route, (GET,POST)
I did it, as I wrote in stackoverflow. The result is HTTP/1.1 200 OK but with Content-length 0
Service never invoked. Chrome fails also.
the server ip is a subdomain, e.g dev4.test.com:18162 . is that a problem ?
unfortunately I cannot test it , somewhere else.
this code, can't get it to compile,
this.RequestFilters.Add((httpReq, httpRes, requestDto) => {
//Handles Request and closes Responses after emitting global HTTP Headers
if (httpReq.Method == "OPTIONS")
httpRes.EndServiceStackRequest();
});RequestFilters.Add((httpReq, httpRes, requestDto) => {
if (httpReq.HttpMethod == "OPTIONS") httpRes.End(); });
IE10 => The Request/Response Headers are the same HTTP/1.1 404 Not Found
Chrome is succesfull again.
then you told me to test it removing the method filter from the route, (GET,POST)
I did it, as I wrote in stackoverflow. The result is HTTP/1.1 200 OK but with Content-length 0
Service never invoked. Chrome fails also.
the server ip is a subdomain, e.g dev4.test.com:18162 . is that a problem ?
unfortunately I cannot test it , somewhere else.
Stef2410
Jul 5, 2013, 10:13:36 PM7/5/13
to servic...@googlegroups.com
I think, I have found something
Chrome request says "Accept: application/json, text/javascript, */*; q=0.01"
Firefox request says "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
IE10 says "Accept: */*"
is it possible to influence ? In my code I have put default content-type = json
Firefox request
OPTIONS /TestAPI/CreateReservation HTTP/1.1
Host: com:18162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: ocalhost:28014
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
----response
HTTP/1.1 404 Not Found
Content-Length: 3
Content-Type: text/plain
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Sat, 06 Jul 2013 02:02:28 GMT
Chrome request says "Accept: application/json, text/javascript, */*; q=0.01"
Firefox request says "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
IE10 says "Accept: */*"
is it possible to influence ? In my code I have put default content-type = json
Firefox request
OPTIONS /TestAPI/CreateReservation HTTP/1.1
Host: com:18162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: ocalhost:28014
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
----response
HTTP/1.1 404 Not Found
Content-Length: 3
Content-Type: text/plain
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3.954 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
Demis Bellot
Jul 5, 2013, 10:19:30 PM7/5/13
to servic...@googlegroups.com
If it doesn't compile, you can't just ignore it, it's the solution we're telling you to do, not adding it, ignoring it and carrying on just wastes everyones time. This should be in your AppHost.Configure() as is explained in the docs for Global Request Filters:
Make sure you have all the necessary namespaces, e.g. the EndServiceStackRequest() extension method is in the namespace:
using ServiceStack.WebHost.Endpoints.Extensions;
If the response is a 404 NotFound, it's telling you there is no route defined that matches that request. So add the Request Filter or make sure there is a route and a method that accepts Options requests. Use `Any(RequestDto)` or the explicit `Options(RequestDto)` to allow Options requests.
--
You received this message because you are subscribed to the Google Groups "ServiceStack .NET Open Source REST Web Services Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servicestack...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Stef2410
Jul 5, 2013, 10:36:23 PM7/5/13
to servic...@googlegroups.com
I will try to find it, as you say, in a few hours because I am exchausted,
But it is not only me. Others had the same conflict with me and they asked before.
please read for example the comment of a developer in your answer ServiceStack CORS feature
Stef2410
Jul 5, 2013, 11:17:48 PM7/5/13
to servic...@googlegroups.com
Huraaaaaaaaaaaaaa !!!!!!!!!!!
IT WORKED FOR THE 4 BROWSERS (Chrome,Firefox, IE10,Opera 12)
The answer was in your answers, Demis,
but also in the answer of sroes in the stackoverflow question
ServiceStack returns 405 on OPTIONS request
1. ( sroes code)
Plugins.Add(new CorsFeature());
RequestFilters.Add((httpReq, httpRes, requestDto) =>
{
httpRes.AddHeader("Access-Control-Allow-Origin", "*");
if (httpReq.HttpMethod == "OPTIONS")
{
httpRes.AddHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
httpRes.AddHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
httpRes.End();
}
});
2.
in Routes, we add OPTIONS
Routes
.Add<CreateReservationRequest>("/TestAPI/CreateReservation", "POST, GET, OPTIONS");
but without actually to create any function for Options.
It works fantastic, and especially for complex javascript composite objects with arrays as properties.
thanks a lot.
Stefan
IT WORKED FOR THE 4 BROWSERS (Chrome,Firefox, IE10,Opera 12)
The answer was in your answers, Demis,
but also in the answer of sroes in the stackoverflow question
ServiceStack returns 405 on OPTIONS request
1. ( sroes code)
Plugins.Add(new CorsFeature());
RequestFilters.Add((httpReq, httpRes, requestDto) =>
{
httpRes.AddHeader("Access-Control-Allow-Origin", "*");
if (httpReq.HttpMethod == "OPTIONS")
httpRes.AddHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
httpRes.AddHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
httpRes.End();
}
});
2.
in Routes, we add OPTIONS
Routes
.Add<CreateReservationRequest>("/TestAPI/CreateReservation", "POST, GET, OPTIONS");
but without actually to create any function for Options.
It works fantastic, and especially for complex javascript composite objects with arrays as properties.
thanks a lot.
Stefan
Stef2410
Jul 6, 2013, 1:58:07 PM7/6/13
to servic...@googlegroups.com
Demis, It works also with your code,
I have updated my stackoverflow question with the last 2 messages,
thanks again
Sorry, because I wasted precious time, I will give it back, promise.
Stefan.
At the beginning, the code could not compile, because it could not find the EndServiceStackRequest().
It is confusing because we don't know that it is an extension method. ( not only me, we expected a class method)
As you said in the namespace ServiceStack.WebHost.Endpoints.Extensions.
A reference to System.Web also required. Also the httpReq.Method is httpReq.HttpMethod.
The most important is the declaration in Routes for OPTIONS.
Fortunately, it is not necessary to add an empty method 'Options(RequestDto)`.
using System.Web;
using ServiceStack.WebHost.Endpoints.Extensions;
Plugins.Add(new CorsFeature());
this.RequestFilters.Add((httpReq, httpRes, requestDto) =>
{
//Handles Request and closes Responses after emitting global HTTP Headers
if (httpReq.HttpMethod == "OPTIONS")
httpRes.EndServiceStackRequest();
});
Routes
.Add<ReservationRequest>("/TestAPI/CreateReservation", "POST, OPTIONS")
I have updated my stackoverflow question with the last 2 messages,
thanks again
Sorry, because I wasted precious time, I will give it back, promise.
Stefan.
Dan B
Jul 8, 2013, 7:09:02 AM7/8/13
to servic...@googlegroups.com
Maybe the CORS feature should auto add the Options routes?
Reply all
Reply to author
Forward
0 new messages