- This topic has 3 replies, 2 voices, and was last updated 4 years, 5 months ago by
.
Viewing 3 reply threads
Viewing 3 reply threads
- You must be logged in to reply to this topic.
Tagged: CORS, SmartService
moctes.
moctesHi,
I’m struggling calling the webservices I have developed as smartservices, whenever I use some kind of authorization header from the browser ( fetch API, axios, etc ) the browser sends a PREFLIGHT REQUEST to the kbm server, I have traced the request to TkbmMWCustomSmartService.ProcessRequest on kbmMWCustomSmartService.pas, it hast the following check:
var
flags:TkbmMWSmartServiceMethodFlags;
begin
if not FSupport.CallMethod(self,Func,'','',ClientIdent,Args,RequestStream,Result,flags,ResponseTransportStream.RTTIAttributes) then
kbmMWRaiseException(KBMMW_ERR_SERVICENOTAVAIL,'Request not supported')
elseHere the value of Func is OPTIONS and it is raising the exception.
What can be done to support the CORS preflight request ?
moctesI tried to correct the wording to my post to make it clearer but it seems that it is not allowed, I will rewrite it below:
I’m struggling calling the webservices I have developed as smartservices, whenever I use some kind of authorization header (Basic, Bearer) from a request made from the browser ( using fetch API, axios, etc ) the browser sends a CORS PREFLIGHT REQUEST to the kbm server, and here is where the problem arises, I have traced down the request to TkbmMWCustomSmartService.ProcessRequest on kbmMWCustomSmartService.pas, as you can see it hast the following check:
var
flags:TkbmMWSmartServiceMethodFlags;
begin
if not FSupport.CallMethod(self,Func,'','',ClientIdent,Args,RequestStream,Result,flags,ResponseTransportStream.RTTIAttributes) then
kbmMWRaiseException(KBMMW_ERR_SERVICENOTAVAIL,'Request not supported')
elseAt this point the value of Func is OPTIONS and it is raising the exception.
What can be done to support the CORS preflight request ?
Edited: Redaction, I hope is better now
kimbomadsenHi,
kbmMW supports CORS out of the box.
Make sure that your service is based on HTTP SmartService (TkbmMWCustomHTTPSmartService) rather than just TkbmMWCustomSmartService.
Make sure that you do _not_ use the kbmMW_Service(…) flag STRICT (mwsfStrict). If you do, _only_ methods defined within the service is allowed.
The AJAXSimpleDemo shows how to setup CORS support.
Essentially, add an event handler to the OnCORS event of the service and tell the client what types of information is allowed like this:
procedure TMyHTTPSmartService1.MySmartHTTPServiceCORS(Sender: TObject;
const ARequestHelper, AResponseHelper: TkbmMWHTTPTransportStreamHelper;
const AOrigin: string; var AAllowedOrigins, AAllowedMethods,
AAllowedHeaders: string);
begin
// If to implement CORS.
Log.Info('Aorigin:%s',[AOrigin]);
AAllowedOrigins:=AOrigin;
// Allow what client asks for.
AAllowedHeaders:=ARequestHelper.
Header.
ValueByName[KBMMW_HTTP_REQUEST_HEADER_AccessControlRequestHeaders];
end;
/Kim
moctesI couldn’t afford to wait too many days for a response, so I took another route to get rid of the CORS requirement, I’ll take a look at it as soon as time allows.
Thank you anyway.