Status: Open
Status: Answered
Status: Closed
Status: Duplicate

CS REST API and CORS on IE

2
Posted Dec 23 by Maria Pashuk.
Updated Dec 23.

I am writing some basic tests using Content Server API v1, and encountered a problem - IE. Both 10 and 9 (most likely 8 too)
From what I understand, 9 (and 8) doesn't support XMLHTTPRequest with CORS at all, so CORS is done via XDomainRequest, which does not support custom headers. This means:
1) content type is always text, and the authentication webservice expects Content-Type: application/x-www-form-urlencoded. It simply doesn't parse raw data and complains about missing "username" argument even though it's provided
2) we won't be able to set OTCSToken header, so… everything else won't work.

<strike>As for IE 10, I cannot get it to work on Windows 8, I keep getting Access Denied on xhr.open(…), and the request isn't even sent. It works fine on Windows 7.</strike> Nevermind. The second domain was not in my trusted sites. Doh. So IE 10 is fine with XMLHttpRequest, so are Firefox and Chrome (of course).

So what about IE 9/8? Any pointers? Someone must have tested cross domain requests with IE.

2 Answers

2
BEST ANSWER: As chosen by the author.

Hi Maria,

Thank you for your question.

The standard way to support this kind of behaviour is to use the AppWorks proxy. Proxying content allows you to bypass many cross-domain (same-origin policy) issues. You are able to download the proxy (otag.proxy) under the Downloads section.
Resources -> Downloads -> Components - Proxy (otag.proxy)

See what's new in AppWorks 1.1.5
AppWorks Developer Article - OpenText AppWorks Gateway 1.1.5 available


0
BEST ANSWER: As chosen by the author.

If you deploy your testing application to OTAG, the AppWorks proxy will help you. If your testing page does nor run on OTAG, it will not. If you need a general solution for the CORS support, not a solution for OTAG applications only, XDomainRequest has severe limitations. I suggest using window-to-window cross-origin communication as a workaround for the IE8-9. If you install the CS UI Widgets, you will get the CORS support done this way by our jQuery.CoAjax there. This is an example to get a node information using jQuery on any browser:

csui.require([&quot;lib/jquery&quot;, &quot;util/coajax&quot;], function ($, CoAjax) {

  var connection: {
          url: &quot;//localhost/otcs/cs/api/v1&quot;,
          supportPath: &quot;/otcssupport&quot;
      };

  CoAjax.registerTarget(connection);

  $.ajax({
    type: &quot;GET&quot;, url: connection.url + &quot;/nodes/123&quot;,
    headers: { Authorization: &quot;Basic &quot; + btoa(&quot;Admin:livelink&quot;) }
  }).done(function (response) {
    alert(response.data.name);
  });

});

 You have subscribed and will receive email notifications of updates to this topic. To unsubscribe, uncheck the checkbox.

Statistics

Your answer

To leave an answer, please sign in.