MultiValue Tools

 View Only

 MVIS CORS

Mike Young's profile image
PARTNER Mike Young posted 11-11-2022 08:27
I have setup a subroutine endpoint to my database but on trying to perform a POST action in an intranet webpage it is getting a CORS error and going through a preflight.  Is there a way to configure the server to allow cross origin?

nb. MVIS and apache are running on the same machine
Brian Speirs's profile image
Brian Speirs
On IIS, this requires a custom header (within the httpProtocol section) in the web.config file in the root of the website. This looks like:

    <add name="Access-Control-Allow-Origin" value="*" />

Apache will have something similar.

Cheers,

Brian
Mike Young's profile image
PARTNER Mike Young
apache is just what we are using the provide a front facing web page and you cannot set that kind of custom header on a request.

MVIS is the backend API / server which is where the CORS issue is. I was asking if there was a way to do what you are suggesting thinking there would be some sort of config file I couldn't find in the doco where we could add in custom headers.

Nb. Since creating this question I have logged a support ticket with Rocket and they have responded that it is currently unable to do it and it is with development.  They did suggest some workarounds which was to setup a proxy and call that instead and for that to deal with CORS issue
https://medium.com/@dtkatz/3-ways-to-fix-the-cors-error-and-how-access-control-allow-origin-works-d97d55946d9
https://gist.github.com/jesperorb/6ca596217c8dfba237744966c2b5ab1e

As we were developing with apache we have currently gone with this (until there is fix/update to MVIS)
https://chriscarey.com/blog/2014/06/13/apache-proxy-with-cors-headers/
Brian Speirs's profile image
Brian Speirs
A quick Google search turned up this page for setting up Apache with this header: https://ubiq.co/tech-blog/enable-cors-apache-web-server/

But as your articles state, allowing all cross-origin requests is probably not a good idea. If it is only for an intranet, it is probably OK, but not a good idea for a public facing website. Ultimately, using a proxy is probably safer.

Cheers,

Brian