CORS problems

1
0
-1

Hi,

I have some error with my CORS configuration:
I already follow this link : https://documentation.bonitasoft.com/bonita/7.10/enable-cors-in-tomcat-bundle.
In my web.xml ( in my bonita.war) i have added:


CorsFilter
org.apache.catalina.filters.CorsFilter

cors.allowed.origins*

cors.allowed.methodsGET, HEAD, POST, PUT, DELETE, OPTIONS


cors.exposed.headersAccess-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token


cors.allowed.headersContent-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Bonita-API-Token

Just before the first filter.

I have restart my bundle, and try to access to Bonita through the code in the previous link.
This error occurred :

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

So i have replace the wildcard '*' with my origin adress :

cors.allowed.originshttp://myoriginAdress

But, one other error occured:

Access to XMLHttpRequest at 'http://myBonitaServer:8085/bonita/loginservice' from origin 'http://myoriginAdress:8080' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

If someone can help me about that, that will be great :)

Regards,

2 answers

1
0
-1
This one is the BEST answer!

Resolve.

For information, i have added those lines in CorsFilter:

cors.support.credentialstrue

1
0
-1

Hi,

I've added those lines on my web.xml, but it didn't worked.

i still get that error:

Access to XMLHttpRequest at 'http://localhost:53100/bonita/logoutservice?redirect=false' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks.

Comments

Submitted by bastien.laurent... on Fri, 03/20/2020 - 16:19

I have forget the 'space' between credential and true

cors.support.credentials true

Submitted by isancosmed_1414508 on Fri, 03/20/2020 - 16:26

I added this to my web.xml in the filter tag of the cors:

cors.support.credentialstrue

The rest of the cors filter is the same as the bonita documentation

Notifications