CORS problems
Hi,
I have some error with my CORS configuration:
I already follow this link : https://documentation.bonitasoft.com/bonita/7.10/enable-cors-in-tomcat-bundle.
In my web.xml ( in my bonita.war) i have added:
CorsFilter
org.apache.catalina.filters.CorsFilter
cors.allowed.origins *
cors.allowed.methods GET, HEAD, POST, PUT, DELETE, OPTIONS
cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token
cors.allowed.headers
Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token
Just before the first filter.
I have restart my bundle, and try to access to Bonita through the code in the previous link.
This error occurred :
Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
So i have replace the wildcard '*' with my origin adress :
cors.allowed.origins http://myoriginAdress
But, one other error occured:
Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'http://myoriginAdress:8080' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
If someone can help me about that, that will be great :)
Regards,
Hi,
I've added those lines on my web.xml, but it didn't worked.
i still get that error:
Access to XMLHttpRequest at 'http://localhost:53100/bonita/logoutservice?redirect=false' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Thanks.
Comments
I have forget the 'space' between credential and true
cors.support.credentials true
Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me
Hello Dibyajit.Roy.
Do you use the free version of Bonita Studio or is it a paid version?
On the other hand, if I use the line
cors.allowed.origins
*
the Bonita studio api not running
If I use the line of code
cors.allowed.origins
http://localhost:443
browser console writes
Access to XMLHttpRequest at 'http://localhost:8080/bonita/loginservice?username=walter.bates&password...' from origin 'http://localhost:443' has been blocked by CORS policy: Response to preflight request doesn 't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
any solution for this?
Hello
I have used both Community and Subscription version.
I have been able to work with both types of bonita + Angular
I have used cors.allowed.origins '*' and it works fine.
Comments
Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me
Can you share the path for XML file where you are placing the CORS filter.
I hope you are adding the code in the correct directory inside the correct file.
Hello.
in this directory
C:\BonitaStudioCommunity-2022.1-u0\workspace\tomcat\server\webapps\bonita\WEB-INF\web.xml
and this is the complete code
<?xml version="1.0" encoding="UTF-8"?>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
Bonita
500
/error/500
403
/error/403
404
/error/404
CorsFilter
org.apache.catalina.filters.CorsFilter
cors.allowed.origins
*
cors.support.credentials
true
cors.allowed.methods
GET,HEAD,POST,PUT,DELETE,OPTIONS
cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token
cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token
...
CorsFilter
/*
NoCacheFilter
org.bonitasoft.console.common.server.filter.NoCacheFilter
FrameSecurityFilter
org.bonitasoft.console.common.server.login.filter.FrameSecurityFilter
X-Frame-Options SAMEORIGIN
ContentTypeSecurityFilter
org.bonitasoft.console.common.server.login.filter.ContentTypeSecurityFilter
X-Content-Type-Options nosniff
RestAPIAuthorizationFilter
org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter
RestAPIAuthorizationFilterToolkit
org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter
TokenGeneratorFilter
org.bonitasoft.console.common.server.login.filter.TokenGeneratorFilter
TokenValidatorFilter
org.bonitasoft.console.common.server.login.filter.TokenValidatorFilter
AuthenticationFilter
org.bonitasoft.console.common.server.login.filter.AuthenticationFilter
redirectWhenUnauthorized true
CacheFilter
org.bonitasoft.console.common.server.filter.CacheFilter
duration 36000
alwaysCaching true
CustomPageCacheFilter
org.bonitasoft.console.common.server.filter.CacheFilter
duration 15768000
alwaysCaching false
UrlRewriteFilter
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
logLevel slf4j
NoCacheFilter
/portal/formsDocumentDownload
/portal/formsDocumentImage
/portal/downloadDocument
/portal/documentDownload
/portal/runreport
/API/*
/APIToolkit/*
/portal/custom-page/API/*
/portal.js/index.html
/portal/exportOrganization
/portal/pageDownload
/portal/exportActors
REQUEST
FORWARD
FrameSecurityFilter
/*
REQUEST
FORWARD
ContentTypeSecurityFilter
/*
REQUEST
FORWARD
TokenValidatorFilter
/API/*
/APIToolkit/*
/portal/custom-page/API/*
/portal/resource/*
/apps/*
AuthenticationFilter
/portal/*
/portal.js/*
/apps/*
/services/*
RestAPIAuthorizationFilter
/API/*
/APIToolkit/*
/portal/custom-page/API/*
/portal/formsDocumentDownload
/portal/documentDownload
/portal/downloadDocument
/portal/pageDownload
/services/*
/portal/exportOrganization
REQUEST
FORWARD
INCLUDE
RestAPIAuthorizationFilterToolkit
/APIToolkit/*
REQUEST
TokenGeneratorFilter
/API/system/session/*
/APIToolkit/system/session/*
/portal/custom-page/API/system/session/*
FORWARD
CacheFilter
/login.jsp
/portal/pageResource
/platformloginservice
/platformlogoutservice
/API/system/i18ntranslation
/API/avatars/*
/API/applicationIcon/*
/css
/images
/portal-theme
/portal.js/*
REQUEST
FORWARD
CustomPageCacheFilter
/portal/resource/*
/portal/resource/app/*
/apps/*
/portal/custom-page/*
REQUEST
FORWARD
UrlRewriteFilter
/*
REQUEST
FORWARD
net.sf.ehcache.constructs.web.ShutdownListener
org.bonitasoft.engine.api.internal.servlet.EngineInitializerListener org.bonitasoft.console.common.server.servlet.PlatformTenantListener
errorPageServlet
org.bonitasoft.console.common.server.servlet.ErrorPageServlet
BonitaRestAPIServlet
org.bonitasoft.web.rest.server.BonitaRestAPIServlet
RestletServlet
org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet
CustomPageRestletServlet
org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet
ConsoleServiceServlet
org.bonitasoft.console.server.ConsoleServiceServlet
fileUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
formFileUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
ContentType json
ReturnOriginalFilename true
CheckUploadedFileSize true
processUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions bar
apiProcessUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions bar
ReturnOriginalFilename true
ContentType json
xmlUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions xml
imageUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions png,jpg,gif,jpeg,bmp,wbmp,tga
CheckUploadedImageSize true
apiImageUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions png,jpg,gif,jpeg,bmp,wbmp,tga
ContentType json
ReturnOriginalFilename true
CheckUploadedImageSize true
organizationIconServlet
org.bonitasoft.console.common.server.servlet.OrganizationIconServlet
applicationIconServlet
org.bonitasoft.console.common.server.servlet.ApplicationIconServlet
loginService
org.bonitasoft.console.common.server.login.servlet.LoginServlet
logoutService
org.bonitasoft.console.common.server.login.servlet.LogoutServlet
platformLoginService
org.bonitasoft.console.common.server.login.servlet.PlatformLoginServlet
platformLogoutService
org.bonitasoft.console.common.server.login.servlet.PlatformLogoutServlet
exportOrganizationServlet
org.bonitasoft.console.server.servlet.OrganizationExportServlet
exportApplicationsServlet
org.bonitasoft.console.server.servlet.ApplicationsExportServlet
deprecatedDocumentDownloadServlet
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet
documentDownload
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet
formsDocumentDownload
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet
formsDocumentImage
org.bonitasoft.console.common.server.servlet.DocumentImageServlet
exportOrganizationServlet
/portal/exportOrganization
/portal/custom-page/API/exportOrganization
/API/exportOrganization
exportApplicationsServlet
/portal/exportApplications
exportProcessActorsServlet
org.bonitasoft.console.server.servlet.ProcessActorsExportServlet
CustomPageServlet
org.bonitasoft.console.common.server.page.CustomPageServlet
pageResource
org.bonitasoft.console.common.server.page.PageResourceServlet
pageDownload
org.bonitasoft.console.common.server.page.PageDownloadServlet
pageUploadServlet
org.bonitasoft.console.common.server.servlet.PageUploadServlet
SupportedExtensions zip
ReturnOriginalFilename true
apiPageUploadServlet
org.bonitasoft.console.common.server.servlet.PageUploadServlet
SupportedExtensions zip
ContentType json
ReturnOriginalFilename true
ProcessFormServlet
org.bonitasoft.console.common.server.form.ProcessFormServlet
livingApplicationServlet
org.bonitasoft.livingapps.LivingApplicationServlet
livingApplicationPageServlet
org.bonitasoft.livingapps.LivingApplicationPageServlet
PageServlet
org.bonitasoft.console.common.server.page.PageServlet
HttpAPIServlet
org.bonitasoft.engine.api.internal.servlet.HttpAPIServlet
errorPageServlet
/error/*
livingApplicationServlet
/apps/*
livingApplicationPageServlet
/portal/resource/app/*
processUploadServlet
/portal/processUpload
apiProcessUploadServlet
/API/processUpload
xmlUploadServlet
/portal/organizationUpload
xmlUploadServlet
/portal/applicationsUpload
xmlUploadServlet
/portal/actorsUpload
imageUploadServlet
/portal/imageUpload
apiImageUploadServlet
/API/imageUpload
fileUploadServlet
/portal/fileUpload
formFileUploadServlet
/API/formFileUpload
/portal/custom-page/API/formFileUpload
exportProcessActorsServlet
/portal/exportActors
organizationIconServlet
/API/avatars/*
/portal/custom-page/API/avatars/*
applicationIconServlet
/API/applicationIcon/*
deprecatedDocumentDownloadServlet
/portal/downloadDocument
documentDownload
/portal/documentDownload
/API/documentDownload
/portal/custom-page/API/documentDownload
formsDocumentDownload
/portal/formsDocumentDownload
formsDocumentImage
/portal/formsDocumentImage
/API/formsDocumentImage
/portal/custom-page/API/formsDocumentImage
loginService
/loginservice
logoutService
/logoutservice
platformLoginService
/platformloginservice
platformLogoutService
/platformlogoutservice
RestletServlet
/API/*
CustomPageRestletServlet
/portal/custom-page/API/*
BonitaRestAPIServlet
/APIToolkit/*
ConsoleServiceServlet
/services/*
/API/services/*
/portal/custom-page/API/services/*
CustomPageServlet
/portal/custom-page/*
pageResource
/portal/pageResource
pageDownload
/portal/pageDownload
/API/pageDownload
pageUploadServlet
/portal/pageUpload
apiPageUploadServlet
/API/pageUpload
ProcessFormServlet
/portal/form/*
PageServlet
/portal/resource/*
HttpAPIServlet
/serverAPI/*
java:comp/env/RawBonitaDS
javax.sql.DataSource
Container
java:comp/env/bonitaDS
javax.sql.DataSource
Container
java:comp/env/bonitaSequenceManagerDS
javax.sql.DataSource
Container
java:comp/env/RawBusinessDataDS
javax.sql.DataSource
Container
java:comp/env/BusinessDataDS
javax.sql.DataSource
Container
java:comp/env/NotManagedBizDataDS
javax.sql.DataSource
Container
index.html
bonita-http-api-url
/serverAPI/*
bonita-http-api
BASIC
Restricted access
bonita-http-api