D3 and mvBase

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hey, Chris, I'll post an answer in here as soon as we get done with the case you opened.

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Original Message:
Sent: 09-16-2021 08:59
From: Chris Wolcz
Subject: CORS

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hey Chris

You could do the following at the beginning of your programs, put an Include with the following information.

CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

EXAMPLE:

SUBROUTINE LIST_TASK(InArg)

 INCLUDE CORS_headers
    
Whatever...     
   
RETURN

I hope information this helps your question.

Regards




------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Original Message:
Sent: 09-16-2021 08:59
From: Chris Wolcz
Subject: CORS

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Actually, that INCLUDE is wrong. Should be:

RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below  it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv


------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Original Message:
Sent: 09-17-2021 18:56
From: Fausto Paredes
Subject: CORS

Hey Chris

You could do the following at the beginning of your programs, put an Include with the following information.

CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

EXAMPLE:

SUBROUTINE LIST_TASK(InArg)

 INCLUDE CORS_headers
    
Whatever...     
   
RETURN

I hope information this helps your question.

Regards




------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador

Original Message:
Sent: 09-16-2021 08:59
From: Chris Wolcz
Subject: CORS

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

I don't know much about the CORS but my understanding is that its all about the entry in the heading. I think, if we can set it from Pick then it could work even for older version of MVS. I cannot really try it, since, I have upgraded the Toolkit.

Fausto,

Thank you for your comment. My concern was mostly about the allowed domains if the HTML is not on the website but on my PC.

Thanks,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Original Message:
Sent: 09-17-2021 19:11
From: Brian Cram
Subject: CORS

Actually, that INCLUDE is wrong. Should be:

RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below  it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv


------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software

Original Message:
Sent: 09-17-2021 18:56
From: Fausto Paredes
Subject: CORS

Hey Chris

You could do the following at the beginning of your programs, put an Include with the following information.

CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

EXAMPLE:

SUBROUTINE LIST_TASK(InArg)

 INCLUDE CORS_headers
    
Whatever...     
   
RETURN

I hope information this helps your question.

Regards




------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador

Original Message:
Sent: 09-16-2021 08:59
From: Chris Wolcz
Subject: CORS

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

If you are doing something like the following, and then loading this file directly into your browser (no webserver) -

<!-- cors.html -->
<script>
(async function() {
  const response = await fetch('http://resource-url');
  const responseJson = await response.json();
  console.log(responseJson);
})();
</script>

Your origin would be null.  Setting this in the MVS configuration should  work, but doesn't.  It's also not recommended, according to this MDN doc.

webservices_configuration.xml
<property name="Access-Control-Allow-Origin" value="null"/> <--- doesn't work (didn't for me anyway)

Might be able to get it to work with the CALL MVSP.SET.HTTP.RESPONSE.HEADER suggested above, but you would still need to either use *, or the not recommended, null.

An easy option for demonstration purposes, if you have node on your machine, is to use something like the following to serve static files:

https://github.com/http-party/http-server



------------------------------
Jeremy Lockwood
Awesome
ASE Supply Inc
Portland OR United States
------------------------------

Original Message:
Sent: 09-20-2021 08:31
From: Chris Wolcz
Subject: CORS

I don't know much about the CORS but my understanding is that its all about the entry in the heading. I think, if we can set it from Pick then it could work even for older version of MVS. I cannot really try it, since, I have upgraded the Toolkit.

Fausto,

Thank you for your comment. My concern was mostly about the allowed domains if the HTML is not on the website but on my PC.

Thanks,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States

Original Message:
Sent: 09-17-2021 19:11
From: Brian Cram
Subject: CORS

Actually, that INCLUDE is wrong. Should be:

RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below  it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv


------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software

Original Message:
Sent: 09-17-2021 18:56
From: Fausto Paredes
Subject: CORS

Hey Chris

You could do the following at the beginning of your programs, put an Include with the following information.

CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)

EXAMPLE:

SUBROUTINE LIST_TASK(InArg)

 INCLUDE CORS_headers
    
Whatever...     
   
RETURN

I hope information this helps your question.

Regards




------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador

Original Message:
Sent: 09-16-2021 08:59
From: Chris Wolcz
Subject: CORS

I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------