6 Replies Latest reply on Dec 1, 2017 8:20 AM by Carl Wilson

    AO Rest and CORS

    Sherwin Jugwanth

      Hi, hopefully someone can recommend a suitable solution for the issue I am having. I have browsed through some older discussions but they are specific to the ARS rest api.

      I would like to get a solution specific to AO and the CDP tomcat configuration.


      I am on version 7.8.02 of AO.


      I am trying to call the AO rest api from my ARS mid tier server with javascript (ajax),  but am getting the following error which is CORS related


      XMLHttpRequest cannot load http://MY_AO_SERVER.com:9090/baocdp/rest/Login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://MY_REMEDY_MIDTIER:8080' is therefore not allowed access.


      http://MY_REMEDY_MIDTIER.com:8080 not found in Access-Control-Allow-Origin header.


      The ARS mid tier server and the AO server are in the same domain.

      If i put my html file in the AO CDP/tomcat/webapps folder it works fine. If i try from the ARS mid tier server it gives the error.


      Is there an official workaround similar to the ARS rest api one (ie. using a proxy)?


      Below is the options request that is being sent and failing



      OPTIONS http://MY_AO_SERVER.com:9090/baocdp/rest/Login HTTP/1.1

      Host: MY_AO_SERVER.com:9090

      Connection: keep-alive

      Access-Control-Request-Method: POST

      Origin: http://MY_REMEDY_MIDTIER.com:8080

      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

      Access-Control-Request-Headers: content-type

      Accept: */*

      Referer: http://MY_REMEDY_MIDTIER:8080/test.html

      Accept-Encoding: gzip, deflate

      Accept-Language: en-US,en;q=0.8