Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0037627Openbravo ERPA. Platformpublic2018-01-12 11:192018-02-22 18:18
Reportermalsasua 
Assigned Tojarmendariz 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR18Q2 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customerOBPS
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0037627: AllowedCrossDomainsHandler.getInstance().setCORSHeaders is not executed calling to WebServices
DescriptionIf a call to one WebService is done using ajax, the
AllowedCrossDomainsHandler.getInstance().setCORSHeaders
is not executed, and error "No 'Access-Control-Allow-Origin'" is returned
Steps To Reproduce. implement class that it extends from AllowedCrossDomainsChecker (see [1] and attached class file)

. do a call to one WS using ajax or JS from Chrome developers tools, opening the page: jsbeautifier.org:
 . open chrome: url: http://jsbeautifier.org/ [^]
 . open chrome developers tools
 . execute in the console, this command:
prueba = function () {
var xhr = new XMLHttpRequest();
xhr.open("GET","http://localhost:8080/openbravo/ws/dal/Country?user=Openbravo&password=openbravo" [^]);
xhr.setRequestHeader('Content-Type', "appliation/json;charset=UTF-8");
xhr.send();
};
prueba();

Error is returned:
Failed to load http://localhost:8080/openbravo/ws/dal/Country?user=Openbravo&password=openbravo: [^] Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://jsbeautifier.org' [^] is therefore not allowed access.

[1] http://wiki.openbravo.com/wiki/Retail:Configuration_Guide#Allowed_Origin_Domains_Field_-_Cross_Domain_Requests [^]
Proposed Solutionfile:
/src/org/openbravo/service/web/BaseWebServiceServlet.java
add in line 71:
    AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);
Additional Information
TagsNo tags attached.
Relationships
related to feature request 00343313.0PR17Q1 closed mtaal Support pre-defined allowed domains for cross-domain requests in a multi-server environment 
Attached Files? ZendeskAllowedDomain.java (982) 2018-01-12 11:19
https://issues.openbravo.com/file_download.php?file_id=11451&type=bug
patch bug-37627.patch (2,417) 2018-01-26 09:42
https://issues.openbravo.com/file_download.php?file_id=11492&type=bug
Issue History
Date ModifiedUsernameFieldChange
2018-01-12 11:19malsasuaNew Issue
2018-01-12 11:19malsasuaAssigned To => platform
2018-01-12 11:19malsasuaFile Added: ZendeskAllowedDomain.java
2018-01-12 11:19malsasuaOBNetwork customer => Yes
2018-01-12 11:19malsasuaModules => Core
2018-01-12 11:19malsasuaResolution time => 1517612400
2018-01-12 11:19malsasuaTriggers an Emergency Pack => No
2018-01-19 12:12alostaleStatusnew => acknowledged
2018-01-22 17:53jarmendarizAssigned Toplatform => jarmendariz
2018-01-22 17:53jarmendarizStatusacknowledged => scheduled
2018-01-26 09:42jarmendarizFile Added: bug-37627.patch
2018-01-26 09:48jarmendarizReview Assigned To => caristu
2018-01-26 14:54caristuRelationship addedrelated to 0034331
2018-02-02 10:08hgbotCheckin
2018-02-02 10:08hgbotNote Added: 0102144
2018-02-02 10:08hgbotStatusscheduled => resolved
2018-02-02 10:08hgbotResolutionopen => fixed
2018-02-02 10:08hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd28514f458237d536f97ef584ec9e56a [^]
2018-02-02 12:06caristuNote Added: 0102152
2018-02-02 12:06caristuStatusresolved => closed
2018-02-02 12:06caristuFixed in Version => 3.0PR18Q2
2018-02-22 18:18hudsonbotCheckin
2018-02-22 18:18hudsonbotNote Added: 0102711

Notes
(0102144)
hgbot   
2018-02-02 10:08   
Repository: erp/devel/pi
Changeset: 31ed5cfcd28514f458237d536f97ef584ec9e56a
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Fri Jan 26 12:32:24 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd28514f458237d536f97ef584ec9e56a [^]

Fixed bug 37627: Web services does not handle CORS properly.

Web service servlet does not handle CORS so cross-domain request would fail. Adding the CORS handler in the base servlet for web services.

---
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---
(0102152)
caristu   
2018-02-02 12:06   
Code reviewed + tested OK.
(0102711)
hudsonbot   
2018-02-22 18:18   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 [^]
Maturity status: Test