I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
Page 1 / 1
I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
I am trying to demo the MVS Toolkit to a prospect. I wrote an HTML page (java script gets the data from the MVS Toolkit and displays it) to avoid the need to install a web server somewhere. I have hit the Cross-Origin Request (CORS) problem. I found some documentation how to enable this on MVS Toolkit. It says there: "Access-Control-Allow-Origin contains a list of domains (separated by either an asterisk (*) or a comma) that are allowed access to web services hosted on the MVS server. If all client domains are allowed access, set this value to *. Otherwise, enter a comma separated list of domains." I think, setting this to * is less than perfect, but what is my domain if the webpage resides on my hard-drive not on the web server?
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
You could do the following at the beginning of your programs, put an Include with the following information.
CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
EXAMPLE:
SUBROUTINE LIST_TASK(InArg)
INCLUDE CORS_headers
Whatever...
RETURN
I hope information this helps your question.
Regards
------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------
Hey Chris
You could do the following at the beginning of your programs, put an Include with the following information.
CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
EXAMPLE:
SUBROUTINE LIST_TASK(InArg)
INCLUDE CORS_headers
Whatever...
RETURN
I hope information this helps your question.
Regards
------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------
You could do the following at the beginning of your programs, put an Include with the following information.
CORS_headers
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<3> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<4> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
EXAMPLE:
SUBROUTINE LIST_TASK(InArg)
INCLUDE CORS_headers
Whatever...
RETURN
I hope information this helps your question.
Regards
------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv
------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
Actually, that INCLUDE is wrong. Should be:
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv
------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
RESPONSE.HEADER=""
RESPONSE.HEADER<1> ="Access-Control-Allow-Origin"
RESPONSE.HEADER<2> = "*"
RESPONSE.HEADER<1,2> = "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER"
RESPONSE.HEADER<2,2> = "true"
CALL MVSP.SET.HTTP.RESPONSE.HEADER(RESPONSE.HEADER)
And it won't help with Toolkit versions prior to 2.2.3.122. Better to change the webservices_configuration.xml file. Find:
<instance id="http-cross-origin-resource-sharing">
And just below it find this:
<property name="enabled" value="false"/>
Change "false" to "true" and restart the MVS Toolkit service:
Windows: In services, "Rocket MV Web Service"
Linux: systemctl stop mv.serv then systemctl start mv.serv
------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
Fausto,
Thank you for your comment. My concern was mostly about the allowed domains if the HTML is not on the website but on my PC.
Thanks,
Chris
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
I don't know much about the CORS but my understanding is that its all about the entry in the heading. I think, if we can set it from Pick then it could work even for older version of MVS. I cannot really try it, since, I have upgraded the Toolkit.
Fausto,
Thank you for your comment. My concern was mostly about the allowed domains if the HTML is not on the website but on my PC.
Thanks,
Chris
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
Fausto,
Thank you for your comment. My concern was mostly about the allowed domains if the HTML is not on the website but on my PC.
Thanks,
Chris
------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------
<!-- cors.html -->
<script>
(async function() {
const response = await fetch('http://resource-url');
const responseJson = await response.json();
console.log(responseJson);
})();
</script>
Your origin would be null. Setting this in the MVS configuration should work, but doesn't. It's also not recommended, according to this MDN doc.
<property name="Access-Control-Allow-Origin" value="null"/> <--- doesn't work (didn't for me anyway)
Might be able to get it to work with the CALL MVSP.SET.HTTP.RESPONSE.HEADER suggested above, but you would still need to either use *, or the not recommended, null.
An easy option for demonstration purposes, if you have node on your machine, is to use something like the following to serve static files:
https://github.com/http-party/http-server
------------------------------
Jeremy Lockwood
Awesome
ASE Supply Inc
Portland OR United States
------------------------------
Sign up
Already have an account? Login
Welcome to the Rocket Forum!
Please log in or register:
Employee Login | Registration Member Login | RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.
77 4th Avenue
Waltham, MA 02451 USA
