Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0037627
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2018-01-12 11:192018-02-22 18:18
ReportermalsasuaView Statuspublic 
Assigned Tojarmendariz 
PrioritynormalResolutionfixedFixed in Version3.0PR18Q2
StatusclosedFix in branchFixed in SCM revision31ed5cfcd285
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0037627: AllowedCrossDomainsHandler.getInstance().setCORSHeaders is not executed calling to WebServices

DescriptionIf a call to one WebService is done using ajax, the
AllowedCrossDomainsHandler.getInstance().setCORSHeaders
is not executed, and error "No 'Access-Control-Allow-Origin'" is returned
Steps To Reproduce. implement class that it extends from AllowedCrossDomainsChecker (see [1] and attached class file)

. do a call to one WS using ajax or JS from Chrome developers tools, opening the page: jsbeautifier.org:
 . open chrome: url: http://jsbeautifier.org/ [^]
 . open chrome developers tools
 . execute in the console, this command:
prueba = function () {
var xhr = new XMLHttpRequest();
xhr.open("GET","http://localhost:8080/openbravo/ws/dal/Country?user=Openbravo&password=openbravo" [^]);
xhr.setRequestHeader('Content-Type', "appliation/json;charset=UTF-8");
xhr.send();
};
prueba();

Error is returned:
Failed to load http://localhost:8080/openbravo/ws/dal/Country?user=Openbravo&password=openbravo: [^] Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://jsbeautifier.org' [^] is therefore not allowed access.

[1] http://wiki.openbravo.com/wiki/Retail:Configuration_Guide#Allowed_Origin_Domains_Field_-_Cross_Domain_Requests [^]
Proposed Solutionfile:
/src/org/openbravo/service/web/BaseWebServiceServlet.java
add in line 71:
    AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);
TagsNo tags attached.
Attached Files? file icon ZendeskAllowedDomain.java [^] (982 bytes) 2018-01-12 11:19
patch file icon bug-37627.patch [^] (2,417 bytes) 2018-01-26 09:42 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 00343313.0PR17Q1 closedmtaal Support pre-defined allowed domains for cross-domain requests in a multi-server environment 

-  Notes
(0102144)
hgbot (developer)
2018-02-02 10:08

Repository: erp/devel/pi
Changeset: 31ed5cfcd28514f458237d536f97ef584ec9e56a
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Fri Jan 26 12:32:24 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd28514f458237d536f97ef584ec9e56a [^]

Fixed bug 37627: Web services does not handle CORS properly.

Web service servlet does not handle CORS so cross-domain request would fail. Adding the CORS handler in the base servlet for web services.

---
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---
(0102152)
caristu (developer)
2018-02-02 12:06

Code reviewed + tested OK.
(0102711)
hudsonbot (developer)
2018-02-22 18:18

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2018-01-12 11:19 malsasua New Issue
2018-01-12 11:19 malsasua Assigned To => platform
2018-01-12 11:19 malsasua File Added: ZendeskAllowedDomain.java
2018-01-12 11:19 malsasua Modules => Core
2018-01-12 11:19 malsasua Triggers an Emergency Pack => No
2018-01-19 12:12 alostale Status new => acknowledged
2018-01-22 17:53 jarmendariz Assigned To platform => jarmendariz
2018-01-22 17:53 jarmendariz Status acknowledged => scheduled
2018-01-26 09:42 jarmendariz File Added: bug-37627.patch
2018-01-26 09:48 jarmendariz Review Assigned To => caristu
2018-01-26 14:54 caristu Relationship added related to 0034331
2018-02-02 10:08 hgbot Checkin
2018-02-02 10:08 hgbot Note Added: 0102144
2018-02-02 10:08 hgbot Status scheduled => resolved
2018-02-02 10:08 hgbot Resolution open => fixed
2018-02-02 10:08 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd28514f458237d536f97ef584ec9e56a [^]
2018-02-02 12:06 caristu Note Added: 0102152
2018-02-02 12:06 caristu Status resolved => closed
2018-02-02 12:06 caristu Fixed in Version => 3.0PR18Q2
2018-02-22 18:18 hudsonbot Checkin
2018-02-22 18:18 hudsonbot Note Added: 0102711


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker