CORS problems


Hi,

I have an error with my CORS configuration.
I already followed this link: https://documentation.bonitasoft.com/bonita/7.10/enable-cors-in-tomcat-bundle.
In my web.xml (in my bonita.war) I have added:


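<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
  <init-param><param-name>cors.allowed.methods</param-name><param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value></init-param>
  <init-param><param-name>cors.exposed.headers</param-name><param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token</param-value></init-param>
  <init-param><param-name>cors.allowed.headers</param-name><param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token</param-value></init-param>
</filter>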

Just before the first filter.

I have restarted my bundle and tried to access Bonita through the code in the previous link.
This error occurred:

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

So I have replaced the wildcard '*' with my origin address:

<init-param><param-name>cors.allowed.origins</param-name><param-value>http://myoriginAdress</param-value></init-param>

But another error occurred:

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'http://myoriginAdress:8080' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

If someone can help me with that, that would be great :)

Regards,

2 answers

This one is the BEST answer!

Resolved.

For information, I have added these lines in CorsFilter:

<init-param>
  <param-name>cors.support.credentials</param-name>
  <param-value>true</param-value>
</init-param>
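
The two console errors in the question and the fix in this answer all follow from the check a browser applies to a cross-origin response. As an added example (not code from this thread or from Bonita), the JavaScript below models that check in simplified form; the function names, reason strings and sample header sets are constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS check; sample headers are constructed.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive, so normalise them once.
  const h = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v.trim()])
  );
  const allowOrigin = h.get("access-control-allow-origin");
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "missing-allow-origin" };
  }
  const withCredentials = credentialsMode === "include";
  if (allowOrigin === "*") {
    // The wildcard is honoured only for requests sent without credentials.
    return withCredentials
      ? { allowed: false, reason: "wildcard-with-credentials" }
      : { allowed: true, reason: "ok" };
  }
  // Any other value must equal the request origin exactly (scheme, host, port).
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: "origin-mismatch" };
  }
  if (!withCredentials) return { allowed: true, reason: "ok" };
  // With credentials, Access-Control-Allow-Credentials must be the literal "true".
  return h.get("access-control-allow-credentials") === "true"
    ? { allowed: true, reason: "ok" }
    : { allowed: false, reason: "credentials-not-allowed" };
}

const ORIGIN = "http://myoriginAdress:8080"; // origin string from the second error
const SAMPLES = {
  wildcard: { "Access-Control-Allow-Origin": "*" },
  originOnly: { "Access-Control-Allow-Origin": ORIGIN },
  originAndCredentials: {
    "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true",
  },
  noCorsHeaders: { "Content-Type": "text/html" },
};

// Evaluate every sample as an XMLHttpRequest sent with withCredentials = true.
function runSamples() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = corsCheck(ORIGIN, "include", headers).reason;
  }
  return out;
}
console.log(runSamples());
```

The first two samples reproduce the two console errors in the question, and the third is the header pair a response needs once credentials are sent.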

Comments

Submitted by weglineduardo on Sun, 09/25/2022 - 17:45

Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me

Submitted by Dibyajit.Roy on Sun, 09/25/2022 - 19:09

Can you share the path for XML file where you are placing the CORS filter.
I hope you are adding the code in the correct directory inside the correct file.

Submitted by weglineduardo on Mon, 09/26/2022 - 01:34

Hello.
In this directory:
C:\BonitaStudioCommunity-2022.1-u0\workspace\tomcat\server\webapps\bonita\WEB-INF\web.xml

And this is the complete code:

<?xml version="1.0" encoding="UTF-8"?>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
Bonita


500
/error/500


403
/error/403


404
/error/404


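<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
  <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
  <init-param><param-name>cors.allowed.methods</param-name><param-value>GET,HEAD,POST,PUT,DELETE,OPTIONS</param-value></init-param>
  <init-param><param-name>cors.exposed.headers</param-name><param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token</param-value></init-param>
  <init-param><param-name>cors.allowed.headers</param-name><param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token</param-value></init-param>
</filter>

...

<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>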


NoCacheFilter
org.bonitasoft.console.common.server.filter.NoCacheFilter


FrameSecurityFilter
org.bonitasoft.console.common.server.login.filter.FrameSecurityFilter

X-Frame-Options SAMEORIGIN


ContentTypeSecurityFilter
org.bonitasoft.console.common.server.login.filter.ContentTypeSecurityFilter
X-Content-Type-Options nosniff


RestAPIAuthorizationFilter
org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter




RestAPIAuthorizationFilterToolkit
org.bonitasoft.console.common.server.login.filter.RestAPIAuthorizationFilter


TokenGeneratorFilter
org.bonitasoft.console.common.server.login.filter.TokenGeneratorFilter


TokenValidatorFilter
org.bonitasoft.console.common.server.login.filter.TokenValidatorFilter




AuthenticationFilter
org.bonitasoft.console.common.server.login.filter.AuthenticationFilter
redirectWhenUnauthorized true


CacheFilter
org.bonitasoft.console.common.server.filter.CacheFilter

duration 36000
alwaysCaching true


CustomPageCacheFilter
org.bonitasoft.console.common.server.filter.CacheFilter

duration 15768000
alwaysCaching false


UrlRewriteFilter
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter

logLevel slf4j


NoCacheFilter
/portal/formsDocumentDownload
/portal/formsDocumentImage
/portal/downloadDocument
/portal/documentDownload
/portal/runreport
/API/*
/APIToolkit/*
/portal/custom-page/API/*
/portal.js/index.html

/portal/exportOrganization
/portal/pageDownload
/portal/exportActors
REQUEST
FORWARD


FrameSecurityFilter
/*
REQUEST
FORWARD


ContentTypeSecurityFilter
/*
REQUEST
FORWARD


TokenValidatorFilter
/API/*
/APIToolkit/*


/portal/custom-page/API/*
/portal/resource/*
/apps/*


AuthenticationFilter
/portal/*
/portal.js/*
/apps/*
/services/*


RestAPIAuthorizationFilter
/API/*
/APIToolkit/*

/portal/custom-page/API/*
/portal/formsDocumentDownload
/portal/documentDownload
/portal/downloadDocument
/portal/pageDownload
/services/*
/portal/exportOrganization

REQUEST
FORWARD
INCLUDE



RestAPIAuthorizationFilterToolkit
/APIToolkit/*

REQUEST



TokenGeneratorFilter
/API/system/session/*
/APIToolkit/system/session/*

/portal/custom-page/API/system/session/*
FORWARD


CacheFilter
/login.jsp
/portal/pageResource
/platformloginservice
/platformlogoutservice
/API/system/i18ntranslation
/API/avatars/*
/API/applicationIcon/*

/css
/images
/portal-theme
/portal.js/*
REQUEST
FORWARD


CustomPageCacheFilter
/portal/resource/*
/portal/resource/app/*
/apps/*
/portal/custom-page/*
REQUEST
FORWARD


UrlRewriteFilter
/*
REQUEST
FORWARD

net.sf.ehcache.constructs.web.ShutdownListener

org.bonitasoft.engine.api.internal.servlet.EngineInitializerListener org.bonitasoft.console.common.server.servlet.PlatformTenantListener


errorPageServlet
org.bonitasoft.console.common.server.servlet.ErrorPageServlet


BonitaRestAPIServlet
org.bonitasoft.web.rest.server.BonitaRestAPIServlet


RestletServlet
org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet


CustomPageRestletServlet
org.bonitasoft.web.rest.server.BonitaRestletApplicationServlet


ConsoleServiceServlet
org.bonitasoft.console.server.ConsoleServiceServlet


fileUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet


formFileUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet

ContentType json
ReturnOriginalFilename true
CheckUploadedFileSize true


processUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions bar


apiProcessUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions bar
ReturnOriginalFilename true
ContentType json


xmlUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions xml


imageUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions png,jpg,gif,jpeg,bmp,wbmp,tga
CheckUploadedImageSize true


apiImageUploadServlet
org.bonitasoft.console.common.server.servlet.TenantFileUploadServlet
SupportedExtensions png,jpg,gif,jpeg,bmp,wbmp,tga
ContentType json
ReturnOriginalFilename true
CheckUploadedImageSize true


organizationIconServlet
org.bonitasoft.console.common.server.servlet.OrganizationIconServlet


applicationIconServlet
org.bonitasoft.console.common.server.servlet.ApplicationIconServlet


loginService
org.bonitasoft.console.common.server.login.servlet.LoginServlet


logoutService
org.bonitasoft.console.common.server.login.servlet.LogoutServlet


platformLoginService
org.bonitasoft.console.common.server.login.servlet.PlatformLoginServlet


platformLogoutService
org.bonitasoft.console.common.server.login.servlet.PlatformLogoutServlet


exportOrganizationServlet
org.bonitasoft.console.server.servlet.OrganizationExportServlet


exportApplicationsServlet
org.bonitasoft.console.server.servlet.ApplicationsExportServlet


deprecatedDocumentDownloadServlet
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet


documentDownload
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet


formsDocumentDownload
org.bonitasoft.console.common.server.servlet.DocumentDownloadServlet


formsDocumentImage
org.bonitasoft.console.common.server.servlet.DocumentImageServlet


exportOrganizationServlet
/portal/exportOrganization
/portal/custom-page/API/exportOrganization
/API/exportOrganization


exportApplicationsServlet
/portal/exportApplications


exportProcessActorsServlet
org.bonitasoft.console.server.servlet.ProcessActorsExportServlet


CustomPageServlet
org.bonitasoft.console.common.server.page.CustomPageServlet



pageResource
org.bonitasoft.console.common.server.page.PageResourceServlet


pageDownload
org.bonitasoft.console.common.server.page.PageDownloadServlet


pageUploadServlet
org.bonitasoft.console.common.server.servlet.PageUploadServlet
SupportedExtensions zip
ReturnOriginalFilename true


apiPageUploadServlet
org.bonitasoft.console.common.server.servlet.PageUploadServlet
SupportedExtensions zip
ContentType json
ReturnOriginalFilename true


ProcessFormServlet
org.bonitasoft.console.common.server.form.ProcessFormServlet


livingApplicationServlet
org.bonitasoft.livingapps.LivingApplicationServlet


livingApplicationPageServlet
org.bonitasoft.livingapps.LivingApplicationPageServlet


PageServlet
org.bonitasoft.console.common.server.page.PageServlet


HttpAPIServlet
org.bonitasoft.engine.api.internal.servlet.HttpAPIServlet


errorPageServlet
/error/*


livingApplicationServlet
/apps/*


livingApplicationPageServlet
/portal/resource/app/*


processUploadServlet
/portal/processUpload


apiProcessUploadServlet
/API/processUpload


xmlUploadServlet
/portal/organizationUpload


xmlUploadServlet
/portal/applicationsUpload


xmlUploadServlet
/portal/actorsUpload


imageUploadServlet
/portal/imageUpload


apiImageUploadServlet
/API/imageUpload


fileUploadServlet
/portal/fileUpload


formFileUploadServlet
/API/formFileUpload
/portal/custom-page/API/formFileUpload


exportProcessActorsServlet
/portal/exportActors


organizationIconServlet
/API/avatars/*
/portal/custom-page/API/avatars/*


applicationIconServlet
/API/applicationIcon/*


deprecatedDocumentDownloadServlet
/portal/downloadDocument


documentDownload
/portal/documentDownload
/API/documentDownload
/portal/custom-page/API/documentDownload


formsDocumentDownload
/portal/formsDocumentDownload


formsDocumentImage
/portal/formsDocumentImage
/API/formsDocumentImage
/portal/custom-page/API/formsDocumentImage


loginService
/loginservice


logoutService
/logoutservice


platformLoginService
/platformloginservice


platformLogoutService
/platformlogoutservice


RestletServlet
/API/*


CustomPageRestletServlet
/portal/custom-page/API/*


BonitaRestAPIServlet
/APIToolkit/*


ConsoleServiceServlet
/services/*
/API/services/*
/portal/custom-page/API/services/*


CustomPageServlet
/portal/custom-page/*



pageResource
/portal/pageResource


pageDownload
/portal/pageDownload
/API/pageDownload


pageUploadServlet
/portal/pageUpload


apiPageUploadServlet
/API/pageUpload


ProcessFormServlet
/portal/form/*


PageServlet
/portal/resource/*


HttpAPIServlet
/serverAPI/*


java:comp/env/RawBonitaDS
javax.sql.DataSource
Container


java:comp/env/bonitaDS
javax.sql.DataSource
Container


java:comp/env/bonitaSequenceManagerDS
javax.sql.DataSource
Container


java:comp/env/RawBusinessDataDS
javax.sql.DataSource
Container


java:comp/env/BusinessDataDS
javax.sql.DataSource
Container


java:comp/env/NotManagedBizDataDS
javax.sql.DataSource
Container


index.html



bonita-http-api-url
/serverAPI/*


bonita-http-api


BASIC
Restricted access


bonita-http-api


Hi,

I've added those lines to my web.xml, but it didn't work.

I still get that error:

Access to XMLHttpRequest at 'http://localhost:53100/bonita/logoutservice?redirect=false' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks.

Comments

Submitted by bastien.laurent... on Fri, 03/20/2020 - 16:19

I forgot the 'space' between credential and true

cors.support.credentials true

Submitted by isancosmed_1414508 on Fri, 03/20/2020 - 16:26

I added this to my web.xml in the filter tag of the cors:

cors.support.credentials true

The rest of the cors filter is the same as the bonita documentation

Submitted by weglineduardo on Sun, 09/25/2022 - 17:46

Hi friend. Can you share here all the lines of code of your web.xml file? It would be of great help to me

Submitted by weglineduardo on Mon, 09/26/2022 - 17:56

Hello Dibyajit.Roy.
Do you use the free version of Bonita Studio or is it a paid version?
On the other hand, if I use the line

cors.allowed.origins *
the Bonita Studio API is not running.

If I use the line of code

cors.allowed.origins http://localhost:443
the browser console writes:

Access to XMLHttpRequest at 'http://localhost:8080/bonita/loginservice?username=walter.bates&password...' from origin 'http://localhost:443' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Any solution for this?

Submitted by Dibyajit.Roy on Mon, 09/26/2022 - 18:06

Hello
I have used both the Community and Subscription versions.
I have been able to work with both types of Bonita + Angular.

I have used cors.allowed.origins '*' and it works fine.
