CORS management

21 views
Skip to first unread message

Sebastien Risler

unread,
Nov 15, 2017, 11:51:40 AM11/15/17
to SiteWhere
Hi all,

I can't find where to manage CORS.

Context: 
I have a sitewhere instance running on a distant server and I dev a angularApp that run on localhost:4200. I try to access REST API and I get No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401.

Thank you for your help


Derek Adams

unread,
Nov 15, 2017, 11:55:39 AM11/15/17
to SiteWhere
Which version of SiteWhere are you using? Most of the recent versions should have a wildcard for the CORS headers so all clients can access the instance by default. Also, is there any kind of proxy or other intermediate component between the client and SiteWhere?

Thanks,
Derek

Sebastien Risler

unread,
Nov 15, 2017, 4:36:46 PM11/15/17
to SiteWhere
Hi Derek,

Version 1.12. I test using NG serve.

Sebastien Risler

unread,
Nov 17, 2017, 6:37:01 AM11/17/17
to SiteWhere
Hi Derek,

I have been trying again and again and I still have this issue. What information can I provide/what can I check to help you?

Again:
Sitewhere 1.12 
App launch with ng serve
App running on localhost:4200 (Angular2)


Thank you 

Derek Adams

unread,
Nov 17, 2017, 8:35:56 AM11/17/17
to SiteWhere
I'm trying to figure out how to test the problem. Even when testing with the new Vue user interface included in 1.12 (running locally) and interacting with a SiteWhere instance on Amazon EC2, I do not see the CORS headers in Firefox or Chrome. They normally show up, but seem to be getting filtered. The new user interface allows you to specify the host name on the login screen, so you can test using it as a remote client. 

One thing to verify is that you are sending the basic authentication credentials as part of the request, otherwise you will get bounced before it does the CORS round-trip. See the details here (http://documentation.sitewhere.io/rest/single.html#calling) to make sure you are sending the correct headers.

Thanks,
Derek

Sebastien Risler

unread,
Nov 17, 2017, 9:02:25 AM11/17/17
to SiteWhere
Ok. I thought about it but I would expect 403 error rather than 401.

I'll check that.

Thank you

Sebastien Risler

unread,
Nov 17, 2017, 9:56:14 AM11/17/17
to SiteWhere
Derek,

My bad. Headers were not attached to the request. The authorization was not granteed.

Sorry for that

Thank you for your time

Regards

Derek Adams

unread,
Nov 17, 2017, 10:30:12 AM11/17/17
to SiteWhere
Glad it's working for you. I got hung up on the CORS part and totally missed the mention of the 401 status in the original post.

Thanks,
Derek
Reply all
Reply to author
Forward
0 new messages