on 2018 May 15 6:33 PM
We are testing some different grid tools in order to display SQLA 17 data in a client website.
After lots of trial and error I am down to this error message as the grid tool attempts to access a published table of an SQLA ODATA producer:
16:06:06.282 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myserver:8087/Client01/OSigerClientWeb/Contact?%24top=20&%24select=ContactID%2CFirstName&%24inlinecount=allpages. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
The tool's documentation mentions that this is a possibility but does not give much in terms of a solution other than that the server holding the data needs to support CORS headers:
One common pitfall that occurs during communication with remote web services from JavaScript is the Same-Origin Policy. It is a security restriction enforced by web browsers that do not directly allow HTTP communication between different domains (not even between endpoints located at two different ports of the same website).
To consume a web service from JavaScript, the web service has to support the Cross-Origin Resource Sharing feature, also known as CORS.
I checked the SQLA DCX for any mention of CORS and while I did not find it in any of the ODATA sections, I did find it in the miscellaneous changes and enhancements section but only for HTTP services created within the database.
So the question is: Is there a way to get around this issue with ODATA and CORS?
Request clarification before answering.
The SQL Anywhere OData Server has been fixed to correctly respond to these requests. Please contact support to request 17.0.9.4829 or later.
Another work around is to build your own Jetty server and enable the CrossOriginFilter when including the OData Producer servlet.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
For Windows and Mac OSX, EBF 17.0.9.4838 has been published in the mean time. See Engineering Case #815560 in the readme file for the CORS details.
SQL Anywhere OData Server does not support CORS at this time however it is simply a sample server. The OData Producer is a java servlet that can be deployed into your own webserver, which you can configure for CORS support. https://archive.sap.com/documents/docs/DOC-67267 is an article describing the process of integrating into another webserver.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So if we are already utilizing IIS for the front-end portion of the eventual solution, the docs seem to indicate that we will also need a separate webserver as IIS does not support java servlets:
Third-party HTTP server set up
To use OData Producers with a third-party HTTP server, such as Apache or IIS, deploy the OData Producers to the server. Run OData Producers as Java Servlets that can be loaded into the HTTP server that support version 3.1 of the Java Servlet API. For example, Tomcat can be used as a Java Servlet container and paired with an Apache HTTP server.
Note IIS cannot execute Java Servlets, but you can configure a connector that redirects Servlet requests from an IIS server to another server that is able to run them.
You can certainly use Tomcat as servlet container with IIS, although it's quite less documented than with Apache...
User | Count |
---|---|
75 | |
30 | |
9 | |
8 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.