cancel
Showing results for 
Search instead for 
Did you mean: 

ODATA - CORS Support

3,456

We are testing some different grid tools in order to display SQLA 17 data in a client website.

After lots of trial and error I am down to this error message as the grid tool attempts to access a published table of an SQLA ODATA producer:

16:06:06.282 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myserver:8087/Client01/OSigerClientWeb/Contact?%24top=20&%24select=ContactID%2CFirstName&%24inlinecount=allpages. (Reason: CORS header Access-Control-Allow-Origin missing).

The tool's documentation mentions that this is a possibility but does not give much in terms of a solution other than that the server holding the data needs to support CORS headers:

One common pitfall that occurs during communication with remote web services from JavaScript is the Same-Origin Policy. It is a security restriction enforced by web browsers that do not directly allow HTTP communication between different domains (not even between endpoints located at two different ports of the same website).

To consume a web service from JavaScript, the web service has to support the Cross-Origin Resource Sharing feature, also known as CORS.

I checked the SQLA DCX for any mention of CORS and while I did not find it in any of the ODATA sections, I did find it in the miscellaneous changes and enhancements section but only for HTTP services created within the database.

So the question is: Is there a way to get around this issue with ODATA and CORS?

Accepted Solutions (0)

Answers (2)

Answers (2)

philippefbertrand
Participant

The SQL Anywhere OData Server has been fixed to correctly respond to these requests. Please contact support to request 17.0.9.4829 or later.

Another work around is to build your own Jetty server and enable the CrossOriginFilter when including the OData Producer servlet.

VolkerBarth
Contributor

For Windows and Mac OSX, EBF 17.0.9.4838 has been published in the mean time. See Engineering Case #815560 in the readme file for the CORS details.

philippefbertrand
Participant

SQL Anywhere OData Server does not support CORS at this time however it is simply a sample server. The OData Producer is a java servlet that can be deployed into your own webserver, which you can configure for CORS support. https://archive.sap.com/documents/docs/DOC-67267 is an article describing the process of integrating into another webserver.

0 Kudos

So if we are already utilizing IIS for the front-end portion of the eventual solution, the docs seem to indicate that we will also need a separate webserver as IIS does not support java servlets:

Third-party HTTP server set up

To use OData Producers with a third-party HTTP server, such as Apache or IIS, deploy the OData Producers to the server. Run OData Producers as Java Servlets that can be loaded into the HTTP server that support version 3.1 of the Java Servlet API. For example, Tomcat can be used as a Java Servlet container and paired with an Apache HTTP server.

Note IIS cannot execute Java Servlets, but you can configure a connector that redirects Servlet requests from an IIS server to another server that is able to run them.

From:DCX How to set up an OData server

VolkerBarth
Contributor
0 Kudos

You can certainly use Tomcat as servlet container with IIS, although it's quite less documented than with Apache...

philippefbertrand
Participant
0 Kudos

Would you happen to have a small sample of using CORS against our OData Producer?

0 Kudos

Yes definitely - should I email it or try to post it here?

philippefbertrand
Participant
0 Kudos

Sorry ... for some reason I don't get notifications. You can email me philippe.bertrand at sap.

philippefbertrand
Participant
0 Kudos

I have a repro using simple requests that don't involve preflight OPTIONS requests so if yours has those, that would be great.