REST interface (POST) and CORS

Six Stars

REST interface (POST) and CORS

Hello,
I have implement different REST interfaces. One interface for receiving data from a database. For that I use following schema:

Under tRestResponse I set Access-Control-Allow-Origin = *. That works fine. 
One interface I use for post data into in db. I use following schema:


Also under tRESTResponse I set Access-Control-Allow-Origin = *. But that not works. Under angularJS I also activate $http.defaults.headers.common = '*'; But in chrome/firefox I receive that error: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

Greets Benjamin
Employee

Re: REST interface (POST) and CORS

If a 1st service uses GET then it means it is a 'simple' CORS request.
If you have POST/PUT/DELETE then a browser will do a so-called preflight request first. You can add an OPTIONS flow handler to manage it. FYI a TESB JIRA exists to make this process smoother for the job designers 
Six Stars

Re: REST interface (POST) and CORS

So I add OPTIONS flow for the same URI to an trestresponse and add "Access-Control-Allow-Methods" right?
Employee

Re: REST interface (POST) and CORS

Yes please, add OPTIONS flow handler to tRESTRequest's URL Handler which will listen on the same URL where POST data will be sent to from a browser - the browser should issue a pre-flight OPTIONS request first - you may need to add few more headers to make it this pre-flight pass, see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
which is one of the best articles.
HTH, Sergey