webMethods CORS Error

,
1

Hello
I’m encountering an error while attempting to consume a REST API developed in webMethods. I’m using JavaScript to make the API call and pass parameters to it. Could someone please help me troubleshoot this issue?

Access to fetch at 'http://localhost:5555/restv2/calculator' from origin 'http://localhost:50683' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

2

Cors policy related errors aren’t usually related to applications directly. Consult to your network admins for more information.
What is CORS? - Cross-Origin Resource Sharing Explained - AWS.

3

Check this section in the IS documentation: https://documentation.softwareag.com/webmethods/integration_server/pie10-15/webhelp/pie-webhelp/#page/pie-webhelp%2Fto-configure_the_server_40.html%23

In a development environment, you can use it to configure the IS to correctly handle the CORS method (the so called preflight request) and the related headers.

In production, you could delegate the management of CORS to a middleware. The API Gateway has a CORS policy that’s pretty straightforward to configure.

CORS is a security protection, you need to white list domains, possibly HTTP methods (even HTTP headers) that can be used to invoke your API from the Javascript code in the web browser. Your organization may want to implement separation of concerns here and ask operating engineers (or SecOps) to deal with this whitelisting.

1 Like
4

Based on your post, you have:

You need to modify the CORS parameters on the Integration Server (IS). How to do it ?

Go to the IS admin panel. In the left side, click on Settings and Extended. There you can modify the parameters related to the CORS.

The parameters watt.server.cors.allowedOrigins, watt.server.cors.enabled, watt.server.cors.host are the main paramaters to modify.

  • watt.server.cors.enabled to enable the cors. Update it at true.
  • watt.server.cors.host contains the address of the IS. In your case: 127.0.0.1:5555
  • watt.server.cors.allowedOrigins contains the addresses of the API caller (your javascript app). In your case http://127.0.0.1:5068. If you have multiple caller in multiple server, list it (eg: http://127.0.0.1:5068, http://127.0.0.1:8081)

After the modification, you have to restart your IS.

watt.server.cors.allowedOrigins=http://127.0.0.1:5068

watt.server.cors.enabled=true

watt.server.cors.exposedHeaders=

watt.server.cors.host=127.0.0.1:5555

watt.server.cors.maxAge=-1

watt.server.cors.supportedHeaders=accept,cache-control,authorization,content-type,access-control-allow-origin

watt.server.cors.supportedMethods=GET,POST,PUT,DELETE,OPTIONS,HEAD

watt.server.cors.supportsCredentials=false
2 Likes
5

CorsError
CorsError1130×372 28.5 KB

Still getting the same error

Access to fetch at ‘http://localhost:5555/restv2/calculator’ from origin ‘http://localhost:55093’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled

6

Update your actual watt.server.cors.allowedOrigins parameters with this one:

watt.server.cors.allowedOrigins=http://127.0.0.1:55093

To be mentioned:

  • In your first post the caller script is available at 127.0.0.1 with the port 50683 but in the configuration you’ve mentioned the port 55093. Important to mention the right port in the above parameter.
  • Restart your Integration Server after the update.

If there is a error, give us the error details you get in your browser console.

By curiosity, what is the server that serve the frontend part ? (Tomcat, HTTP Server, etc.)

7

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.