I have some Virtual machines to try different versions.
Delphi 10.4.1
Remobjects 1481
procedure TServerDataModule.ROServerSendCrossOriginHeader( var AllowedOrigin: string);
begin
AllowedOrigin:=’*’;
end;
Runs fine in my website. I got results!
No errors
Delphi 11
Remobjects 1521
Webbrowser gives cores error.
Has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
with I confirmed with RestDebugger from Delphi, No “”Access-Control-Allow-Origin=*” in header.
But with data witch I can see in the RestDebugger.
Delphi 11.1
Remobjects 1533
Webbrowser gives NO cores error, but no data is returned.
I confirmed this with the RestDebugger.
Header correct, No bytes returned.
I will try to explain.
I am using TMS Webcore by the way.
When I use
WebRESTClient1.HttpsGet(BaseURL + ‘ListCompanies’);
Everything works as expected
When I use
WebHttpRequest1.URL:=BaseURL + ‘ListCompanies’;
WebHttpRequest1.Execute(
I get the CORS error.
Even more strange that after this error there is no longer
Access-Control-Allow-Origin in the header in any call.
I confirmed this with RestDebugger.
Recap
WebRESTClient1.HttpsGet(BaseURL + ‘ListCompanies’);
WebRESTClient1.HttpsGet(BaseURL + ‘ListCompanies’);
WebRESTClient1.HttpsGet(BaseURL + ‘ListCompanies’);
Works
WebHttpRequest1.Execute
CORS error
WebRESTClient1.HttpsGet(BaseURL + ‘ListCompanies’);
CORS error
RestDebugger
Access-Control-Allow-Origin is missing
By debugging the webservice I see that the method used by WebHttpRequest1 = OPTIONS
function TROCustomHTTPServer.DoCORSSupport(const aRequest: IInterface; const aResponse: IROHTTPResponse): Boolean;
…
aResponse.Headers[id_AccessControlAllowOrigin] := l_corsStruct.AllowedOrigin;
if SameText(l_Request.Method, id_Method_Options) then begin //l_Request.Method = “OPTIONS”
→ if l_Request.Headers[id_AccessControlRequestMethod] <> ‘’ then aResponse.Headers[id_AccessControlAllowMethods] := l_corsStruct.AllowedMethods;
if l_Request.Headers[id_AccessControlRequestHeaders] <> ‘’ then aResponse.Headers[id_AccessControlAllowHeaders] := l_corsStruct.AllowedHeaders; aResponse.Headers[id_AccessControlMaxAge] := IntToStr(l_corsStruct.MaxAge);
end;
Result := True;
end;
end;
finally
l_Request := nil;
end;
end;
when the other call WebHttpRequest1 is used the Method = “GET”
I do the same call https://consolit.nl:8099/api/ListCompanies
But now with, basic authorization.
Yes, I enabled 'RequireHTTPAuthentication"on the server.
Yes, I implemented OnHTTPAuthentication
I deed not specify a realm.
That “OPTIONS” method is still sent in above example.
Because of your comment that in the new version of Remobejects you will sent a 204 back I tried this hack.
Surprise, surprise it makes everything works!
Is this basically your solution as well?
procedure TROBaseHTTPServer.ProcessRequest(const aTransport: IROHTTPTransportEx;
const aRequestStream: TStream; out aResponseStream: TROBinaryMemoryStream;
const aResponse: IROHTTPResponse);
....
l_Request: IROHTTPRequest;
begin
if Assigned(aRequestStream) then aRequestStream.Position := 0;
aResponseStream := nil;
l_acceptModes := HTTP_DetectAcceptEncoding(aTransport.Headers[id_AcceptEncoding]);
if Supports(aTransport, IROHTTPRequest, l_Request) then
begin
if l_Request.Method = 'OPTIONS' then
begin
aResponse.Code := HTTP_204_code;
aResponse.Status:= HTTP_204_status;
aResponse.ContentType := id_ContentType_text_html;
aResponse.Headers[id_AcceptEncoding] := HTTP_SupportedEncoding;
DoCORSSupport(aTransport, aResponse);
WriteUTF8Error(HTTP_204_status);
Exit;
end;
end;
I installed 1535, but the same error occurs.
That is because of if RequireHTTPAuthentication etc
It never gets to your “OPTIONS” in that scenario.
I copied your code and placed it before “if RequireHTTPAuthentication”
Now it works again.