I am developing a plugin that provides a REST API. I want to retrieve some data from the api that i provided and display it on an web application on a different URL. So now i need to enable CORS. But i am running into a lot of problems. The code of my api looks like this:
@Path("/project")
@CrossOrigin("http://localhost:4200/")
public class ProjectResource {
private ProjectMonitorService service;
@Inject
ProjectResource(@ComponentImport ProjectMonitorService service) {
this.service = service;
}
@GET
@Produces({MediaType.APPLICATION_JSON})
public Response getMessage() {
return Response.ok(new ProjectResourceModel("Hell World", ""))
.header("Access-Control-Allow-Headers", "Authorization")
.header("Access-Control-Allow-Origin", "http://localhost:4200/")
.header("Access-Control-Allow-Methods", "OPTIONS, GET")
.header("Access-Control-Allow-Credentials", "*")
.build();
}
My client looks like this:
return this.http.get('http://localhost:7990/bitbucket/rest/project/1.0/project', { headers: new HttpHeaders().append('Authorization', 'Basic YWRtaW46YWRtaW4=') });
Error:
OPTIONS http://localhost:7990/bitbucket/rest/project/1.0/project/number XMLHttpRequest cannot load http://localhost:7990/bitbucket/rest/project/1.0/project/number. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401
Info: The authenticatin token is the one of the system admin I tried putting a filter on the server that allows almost everything. The problem that i saw is that the Option method is not allowed and it is now possible to allow it(unsure). The problem is that the browser sends a OPTION preflight request. I have no clue how to enable the CORS, so can someone help me.
I'm running into the same or similar problem. We have configured the server to return
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, Range, X-Csrftoken, X-Requested-With, Cookie
Access-Control-Allow-Origin: http://{dynamically derived sub-domain:port}
But because the preflight OPTIONS requests are protected by the same authorization rules as the rest of the verbs (GET, POST, etc.) I can only access API results of Repositories that are configured to allow Public Access. The authorization COOKIE is not sent on the preflight so I get a 401 from the preflight response and an error that the preflight was not completed with a 200 status. However if I mark the repository as Allow Public cloning, the OPTIONS request returns 200 and the following GET is completed returning me pull-requests, branches, etc. The COOKIE IS sent on the GET because I do have withCredentials: true
I believe that the URL permission for bitbucket should be changed to allow anon for rest/api/* for OPTIONS requests and not have the same URI permissions applied for the remain projects/{project}/repos/{repo} portion of the URI
We could hack Apache to always return 200 from options requests, but that seems wrong.
Have you seen the below documentation page?
Also, not sure it can helps, but you can also have a look at:
Finally, in case of no answers in here it may be a good idea to re-ask the same question into the developers' community:
I hope this helps.
Best Regards,
Dario
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.