Hi Juan, It looks like many of the most important response headers are missing. The REST API should send back a response like this:
Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: [url-of-UI-or-client] Access-Control-Expose-Headers: Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN However, as detailed in https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22XMLHttpRequest..hasbeenblockedbyCORSpolicy%22or%22CORSerror%22or%22InvalidCORSrequest%22 the REST API will ONLY TRUST clients which are listed in the "rest.cors.allowed-origins" configuration on the backend. By default this configuration only includes the "dspace.ui.url" setting on the backend. So, if either of those configurations are incorrect in your local.cfg, then the REST API will not trust the client/UI and will refuse to send back any "Access-Control-*" headers. When the required "Access-Control-*" headers are missing, this results in a CORS error. So, either your local.cfg is incorrect, or something is blocking those headers from being returned from the REST API. As suggested in that guide, you should also look for errors in Tomcat logs, as those can sometimes result in headers being blocked, resulting in a CORS error. If you want to see what a functioning UI & API looks like, you can look at our demo site at https://demo7.dspace.org/ and use your Browser's DevTools to see the requests/responses sent to the demo site backend at https://api7.dspace.org/server/. Tim On Thursday, January 27, 2022 at 11:00:28 AM UTC-6 Juan Corrales Correyero wrote: > Thanks Tim, > > > I think that we have implemented these suggestions. I have added now the > "X-Forwarded-Proto: https" directive to the Apache client and server sites > configuration without success. > > > The request headers contain: > > Sec-Fetch-Site: same-site > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > > and the > https://emimasd.consorciomadrono.es/server/api/workflow/workflowitems?projection=full > > file have not the 'Access-Control-Allow-Origin' in their header. > > I don't know if this is correct. > > > > -- > Juan Corrales Correyero > Ingeniero de Software del Consorcio Madroño > Tel.: 913986162 > UNED-Edificio Biblioteca > Pº Senda del Rey, 5 (acceso fachada trasera) > 28040 Madrid > España > > El 27/1/22 a las 17:07, 'Tim Donohue' via DSpace Community escribió: > > Hi Juan, > > In our Installation Documentation, we have a section of "Common > Installation Issues", and the CORS errors is one of those. Please take a > look at the suggestions provided there and see if they help solve your > issue: > > https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22XMLHttpRequest..hasbeenblockedbyCORSpolicy%22or%22CORSerror%22or%22InvalidCORSrequest%22 > > Let us know on this list if you have further questions. > > Tim > ------------------------------ > *From:* [email protected] <[email protected]> on > behalf of Juan Corrales Correyero <[email protected]> > *Sent:* Thursday, January 27, 2022 9:56 AM > *To:* [email protected] <[email protected]> > *Subject:* Re: [dspace-community] CORS problem adding a new item with > DSpace 7.1.1 > > > Hi, > > sorry I has forgotten the CORS error message and the workflowitems > header: > Access to XMLHttpRequest at ' > https://emimasd.consorciomadrono.es/server/api/workflow/workflowitems?projection=full' > > from origin 'https://emimasdcl.consorciomadrono.es' has been blocked by > CORS policy: No 'Access-Control-Allow-Origin' header is present on the > requested resource. > > And the file header is > > <!DOCTYPE html><html lang="en"><head> > <meta charset="UTF-8"> > <base href="/"> > <title>DSpace Angular :: Edit Submission</title> > <meta name="viewport" content="width=device-width,minimum-scale=1"> > <link rel="icon" type="image/x-icon" href="assets/images/favicon.ico"> > <link rel="stylesheet" href="styles.0324863878df4752a58c.css"><style > ng-transition="dspace-angular"></style> > <link rel="stylesheet" type="text/css" class="theme-css" > href="/emimasd-theme.css"><style ng-transition="dspace-angular">[__STYLE > DIRECTIVES__]</style></head> > > Best! > > -- > Juan Corrales Correyero > Ingeniero de Software del Consorcio Madroño > Tel.: 913986162 > UNED-Edificio Biblioteca > Pº Senda del Rey, 5 (acceso fachada trasera) > 28040 Madrid > España > > El 27/1/22 a las 14:07, Juan Corrales Correyero escribió: > > Hi all, > > We have a DSpace 7.1.1. test installation but we are not able to create > new items from the url https://emimasdcl.consorciomadrono.es > > We can login in the system and create communities and collections. > > Some idea of the failure razon?. > > Here are some configuration and debug information: > > * Apache client configuration:* > > SSLEngine on > ServerName emimasdcl.consorciomadrono.es > ProxyPass / http://localhost:4000/ > ProxyPassReverse / http://localhost:4000/ > > *Apache server:* > > Header set Access-Control-Allow-Credentials true > SSLEngine on > ServerName emimasd.consorciomadrono.es > ProxyPass /server ajp://localhost:8009/server > ProxyPassReverse /server ajp://localhost:8009/server > > > *dspace.cfg* > > dspace.server.url = https://emimasd.consorciomadrono.es/server > dspace.ui.url = https://emimasdcl.consorciomadrono.es > > > > *After some time, we have a timeout error in the tomcat logs* > > [Thu Jan 27 13:59:01.261278 2022] [proxy_ajp:error] [pid 901369] > (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() > can't receive header > [Thu Jan 27 13:59:01.261472 2022] [proxy_ajp:error] [pid 901369] [client > 10.205.0.165:60440] AH00992: ajp_read_header: ajp_ilink_receive failed, > referer: https://emimasdcl.consorciomadrono.es/ > [Thu Jan 27 13:59:01.261567 2022] [proxy_ajp:error] [pid 901369] > (70007)The timeout specified has expired: [client 10.205.0.165:60440] > AH00878: read response failed from 127.0.0.1:8009 (localhost), referer: > https://emimasdcl.consorciomadrono.es/ > 10.205.0.165 - - [27/Jan/2022:13:54:01 +0100] "PATCH > /server/api/submission/workspaceitems/93 HTTP/1.1" 500 849 > "https://emimasdcl.consorciomadrono.es/"; > <https://emimasdcl.consorciomadrono.es/> "Mozilla/5.0 (X11; Linux x86_64) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36" > > > *Request headers:* > > PATCH /server/api/submission/workspaceitems/93 HTTP/1.1 > Host: emimasd.consorciomadrono.es > Connection: keep-alive > Content-Length: 233 > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97" > X-CORRELATION-ID: b27d46cc-64e8-4221-92a8-612c34354097 > X-XSRF-TOKEN: 2ba80da1-9f0b-4435-832d-96fff9dd4109 > X-REFERRER: /workspaceitems/93/edit > Accept-Language: > es;q=1,en-GB;q=0.1,es-ES;q=0.09,es;q=0.08,fr-FR;q=0.06999999999999999,en-US;q=0.06,en;q=0.05,fr;q=0.04 > sec-ch-ua-mobile: ?0 > authorization: Bearer > eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4OTU4OX0.XQm8WLHra0aFzjs96GBsGr9INV_S7Mz4rDG6-F11vFM > Content-Type: application/json; charset=UTF-8 > Accept: application/json, text/plain, */* > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/97.0.4692.71 Safari/537.36 > sec-ch-ua-platform: "Linux" > Origin: https://emimasdcl.consorciomadrono.es > Sec-Fetch-Site: same-site > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://emimasdcl.consorciomadrono.es/ > Accept-Encoding: gzip, deflate, br > Cookie: > MyHalBrowserToken=eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4ODQ5OH0.ifQkLGM7dwXJqDl8QdZV6CsV08mGe6oM8eXFYyakD0U; > > MyHalBrowserCsrfToken=45965169-f7a3-4c3a-a760-ee794c0615dd; > DSPACE-XSRF-COOKIE=2ba80da1-9f0b-4435-832d-96fff9dd4109 > > *The response headers:* > > HTTP/1.1 500 Internal Server Error > Date: Thu, 27 Jan 2022 12:54:01 GMT > Server: Apache/2.4.48 (Ubuntu) > Content-Length: 635 > Connection: close > Content-Type: text/html; charset=iso-8859-1 > > *More network connection information:* > > fetch( > "https://emimasd.consorciomadrono.es/server/api/submission/workspaceitems/93"; > <https://emimasd.consorciomadrono.es/server/api/submission/workspaceitems/93>, > > { > "headers": { > "accept": "application/json, text/plain, */*", > "accept-language": > "es;q=1,en-GB;q=0.1,es-ES;q=0.09,es;q=0.08,fr-FR;q=0.06999999999999999,en-US;q=0.06,en;q=0.05,fr;q=0.04", > "authorization": "Bearer > eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4OTU4OX0.XQm8WLHra0aFzjs96GBsGr9INV_S7Mz4rDG6-F11vFM", > "cache-control": "no-cache", > "content-type": "application/json; charset=UTF-8", > "pragma": "no-cache", > "sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Google Chrome\";v=\"97\", > \"Chromium\";v=\"97\"", > "sec-ch-ua-mobile": "?0", > "sec-ch-ua-platform": "\"Linux\"", > "sec-fetch-dest": "empty", > "sec-fetch-mode": "cors", > "sec-fetch-site": "same-site", > "x-correlation-id": "b27d46cc-64e8-4221-92a8-612c34354097", > "x-referrer": "/workspaceitems/93/edit", > "x-xsrf-token": "2ba80da1-9f0b-4435-832d-96fff9dd4109" > }, > "referrer": "https://emimasdcl.consorciomadrono.es/"; > <https://emimasdcl.consorciomadrono.es/>, > "referrerPolicy": "strict-origin-when-cross-origin", > "body": > "[{\"op\":\"add\",\"path\":\"/sections/traditionalpagetwo/dc.description.abstract\",\"value\":[{\"value\":\"Esto > > es un abstract\",\"language\":null,\"authority\":null,\"display\":\"Esto es > un abstract\",\"confidence\":-1,\"place\":0,\"otherInformation\":null}]}]", > "method": "PATCH", > "mode": "cors", > "credentials": "include" > }); > > Best! > > Juan > > -- > Juan Corrales Correyero > Ingeniero de Software del Consorcio Madroño > Tel.: 913986162 > UNED-Edificio Biblioteca > Pº Senda del Rey, 5 (acceso fachada trasera) > 28040 Madrid > España > > -- > All messages to this mailing list should adhere to the Code of Conduct: > https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx > --- > You received this message because you are subscribed to the Google Groups > "DSpace Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-community/fd3151df-0305-3e65-4519-adc74c1ce9ed%40consorciomadrono.es > > <https://groups.google.com/d/msgid/dspace-community/fd3151df-0305-3e65-4519-adc74c1ce9ed%40consorciomadrono.es?utm_medium=email&utm_source=footer> > . > > -- > All messages to this mailing list should adhere to the Code of Conduct: > https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx > --- > You received this message because you are subscribed to the Google Groups > "DSpace Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-community/95c8ce86-6ea0-e676-718f-ecc94a85030f%40consorciomadrono.es > > <https://groups.google.com/d/msgid/dspace-community/95c8ce86-6ea0-e676-718f-ecc94a85030f%40consorciomadrono.es?utm_medium=email&utm_source=footer> > . > -- > All messages to this mailing list should adhere to the Code of Conduct: > https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx > --- > You received this message because you are subscribed to the Google Groups > "DSpace Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-community/BN6PR2201MB11371743504AF58FD982DE85ED219%40BN6PR2201MB1137.namprd22.prod.outlook.com > > <https://groups.google.com/d/msgid/dspace-community/BN6PR2201MB11371743504AF58FD982DE85ED219%40BN6PR2201MB1137.namprd22.prod.outlook.com?utm_medium=email&utm_source=footer> > . > > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-community/42608871-63c8-46a4-95ec-bb06dc020e40n%40googlegroups.com.
