Api Rest Enabled CORS problem

bsfl79 · August 30, 2021, 11:35am

Api Rest Enabled CORS problem
I have a REST API in webMethods 10.5 I have enabled the CORS option to be able to access from an application in agular, When I make the requests it returns a 200 ok but the body of the response is empty, but if I make the request through the postman if that returns results.

This error occurs in a webMethods installation on windows server, if I run it on a winwos 10 it works correctly.

Christian_Winter1 · September 8, 2021, 6:58am

Dear Baltasar,

in case you’re still seeking for a solution, and assuming it’s about a REST API you’ve created in an Integration Server Instance: CORS settings are defined under “Settings” → “Extended”. A minimal configuration looks like this:

watt.server.cors.enabled=true
watt.server.cors.host=<your server’s address>
watt.server.cors.allowedOrigins=<your server’s URL>,<your application’s URL>
watt.server.cors.supportedHeaders=<request header>,<request header>,...

The server’s address is it’s hostname, and optionally a port number. The URLs include the scheme, hostname, and optionally a port number, but no /path?query#fragment components. The request headers are specific headers sent from your application to the server’s REST API. A specific example configuration is:

watt.server.cors.enabled=true
watt.server.cors.host=server.example.com
watt.server.cors.allowedOrigins=https://server.example.com,https://app.example.com:12345
watt.server.cors.supportedHeaders=header1,header2

You can identify the relevant parameter values when inspecting an OPTIONS request made by your browser on behalf of the application to the server. Use your browser’s developer tools for inspecting this. The desired host address can be found in the Host header, the application’s URL can be identified in the Origin header, and the request headers are defined in the Access-Control-Request-Headers header.

The result code 200 you’ve mentioned is maybe from such an OPTIONS request, and based on the response from the server your browser decided not the issue the actual API request at all.

More information on CORS configuration can be found in the Integration Server Administrator’s Guide:

Configuring the Server → Using CORS with Integration Server
Server Configuration Parameters → watt.server.

Your setup is working in Postman because in that case CORS is irrelevant. There is no application with a separate origin in this case (you could pretend this by setting the Origin header). CORS mechanisms are used by browsers when issuing cross-origin requests, which means that the browser requests a resource from a server located at some address on behalf of an application located at a different address.

Best regards,
Christian

bsfl79 · September 8, 2021, 7:40am

I have already solved
The problem was in the client, the Accept header was not being sent correctly and it was not able to receive the Json responses.
I have added the Accept header with the value “application / json” and it works fine.

Christian_Winter1 · September 8, 2021, 7:44am

Dear Baltasar,
great to hear that you’ve identified the cause of the problem and solved it!
Best regards,
Christian

system · December 7, 2021, 7:44am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.