Chronicle
October 30, 2019, 1:15pm
1
I have a Javascript client (https://chronicleweb.gochronicle.net ). I keep getting Cross-Origin Request Blocked:
The Same Origin Policy disallows reading the remote resource at https://j808983.gochronicle.net:8097/bin?1572372846813 . (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://j808983.gochronicle.net:8097/bin?1572372846813 . (Reason: CORS request did not succeed).
I have CORS on the server set to:
channel.SendCrossOriginHeader = true;
I have had all of this working over http://. locally to the server. This all started when I attempted to use SSL.
What do I need to do to get this to work?
Thanks,
antonk
October 30, 2019, 3:51pm
3
Server Channel exposes an event named OnCustomCrossOrigin that allows to setup the CORS response.
However please double-check that your server has CORS enabled. I do not see the CORS response when I try to ping the server mentioned in the error message
Chronicle
October 30, 2019, 6:44pm
4
Sorry, I should have checked that. You put me on the right track. The SSL channel was not being set correctly it is now. It works!
channel.SendCrossOriginHeader = true;
It helps if you set the correct channel…
Is there a way to limit exposure on the RODA server like this?
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: http://example.com:8080
antonk
October 31, 2019, 10:01am
5
Unfortunately definition of this HTTP header does not allow
Returning multiple domains like http://example1.com,http:/example2.com . Only single domain or * are allowed
Using wildcards like http://*.example1.com
Omitting protocol like example.com
Omitting non-default ports like returning http://example.com for API running at http://example.com:8099
EDIT: But ‘definition’ here I mean that these limitations are not specific to Remoting SDK. It is how this header is defined by W3: Fetch Standard
