We have continued our investigations and worked around the problem by implementing the A4D_PostExecutionHook to populate the response header with the required headers to allow the cross origin request to our JSON API.
We now have no more rejection of the POST requests when the OPTIONs Method is issued by the angularjs front end and we see the POST request properly executed. Nevertheless we run into another problem then : Despite a valid sid value being properly populated either as a query string parm or a form variable during the post request, A4D does not seem to find the session and give access to it in the executable. It works fine if we issue a get request but not with if we issue a post request. If we test the session id value it is empty. If we access a session variable, a new session id is created that does not match the current session despite this not having expired or having been purged. It seems again related to the fact that an OPTIONs request followed by a POST request is made by the angularjs front end. What¹s wrong here ? Thanks -- Robert Ernens HCTBA Consulting Look2BookOnline - Web-à-la-Carte 4 Rés. Les Bois du Cerf 91450 Etiolles Tél.: +33.950.58.95.80 GSM : +33.611.78.44.68 Le 08/11/2014 21:00, « [email protected] » <[email protected]> a écrit : >Message: 1 >Date: Sat, 08 Nov 2014 19:56:28 +0100 >From: Robert Ernens <[email protected]> >To: "[email protected]" > <[email protected]> >Subject: [Active4d-dev] Issues with Cross Origin requests >Message-ID: <d08425ec.3b386%[email protected]> >Content-Type: text/plain; charset="ISO-8859-1" > >We are currently handling a development that involves an AngularJs web >application issuing CORS request to our 4D Active4D server (4D v12, Active >4D 6.0 still). > >We have set up an entry in the CORS.ini file to allow CORS request to only >active4D executables located in a given directory > >http://glctracker.golf-loisir-club.com/gps/ >origin = * >methods = GET, POST, PUT, DELETE > >We can?t get it to work and where forced to include in our executables a > >set response header("Access-Control-Allow-Origin"; "* ?) in order to get >the >GRT request to be accepted. > >But POST or PUT requests won?t work as Angularjs Ajax requests use an >OPTIONS request first and the request does not seem handled properly by >ACTIVE4D > >Below what Chrome developer console returns > >XMLHttpRequest cannot load >http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d. No >'Access-Control-Allow-Origin' header is present on the requested resource. >Origin 'http://localhost:9000' is therefore not allowed access > >Below the content of the request header and response > >1. Request URL: >2. http://glctracker.golf-loisir-club.com/gps/caddyMasterAdd.a4d >3. >4. Request Method: >5. OPTIONS >6. >7. Status Code: >8. 200 OK >9. >10. Request Headersview source >>1. Accept: >>2. */* >>3. >>4. Accept-Encoding: >>5. gzip,deflate,sdch >>6. >>7. Accept-Language: >>8. fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 >>9. >>10. Access-Control-Request-Headers: >>11. accept, content-type >>12. >>13. Access-Control-Request-Method: >>14. POST >>15. >>16. Cache-Control: >>17. no-cache >>18. >>19. Connection: >>20. keep-alive >>21. >>22. Host: >>23. glctracker.golf-loisir-club.com >>24. >>25. Origin: >>26. http://localhost:9000 >>27. >>28. Pragma: >>29. no-cache >>30. >>31. Referer: >>32. http://localhost:9000/ >>33. >>34. User-Agent: >>35. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 >>(KHTML, >>like Gecko) Chrome/38.0.2125.111 Safari/537.36 >11. Response Headersview parsed >>1. HTTP/1.1 200 OK Server: 4D_v12/12.4.0 Date: Sat, 08 Nov 2014 18:17:11 >>GMT >>Content-Length: 0 Content-Type: text/html; charset=utf-8 > >What do we do that is wrong with CORS and ACTIVE 4D ? > >Thanks for your help _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://active4d-nabble.aparajitaworld.com/
