Question

CMIS Gateway 10.2 issues 401 (Unauthorized) error and CORS policy

asked on February 20, 2020

I'm attempting to run sample CMIS code which I copied from the Empower virtual machine to a dev web server. In the beginning, when running the code "cmis_sample_download-file.html", I was receiving a 401 (Unauthorized) error message in the Chrome Dev Console. Since the code is sitting on another server and not the Laserfiche server, I've set the Allow-Control-Allow-Origin header in IIS and have experimented with setting an HTTP authorization header in the sample code AJAX call to the Laserfiche server; however, when I do this I receive an error:

Access to XMLHttpRequest at 'http://user:pass@laserficheserver/lfcmis/browser/id1/root' from origin 'http://localhost:1974' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Running this same code directly on the Laserfiche server results in no error.

Anyone have any hints they can point me to?

Thanks in advance,

Mike


Replies

replied on February 20, 2020

The server needs to have CORS headers that include the source page in order to accept the request. The easiest way is to put the sample HTML on the CMIS server. You could also try hosting it on another server, but using FQDN to reference both machines. Finally, there's the option to modify the CMIS application to send the appropriate headers. There's an example here: https://enable-cors.org/server_iis7.html, but if this is publicly accessible you might not want the allow *.

replied on February 20, 2020

I have set the CORS HTTP headers in IIS under HTTP Response Headers for the LFCMIS site. I can see these headers set in the HTTP Response headers in the Chrome Dev Tools.

Below are the headers set up in IIS:

Access-Control-Allow-Origin" value="http://localhost:1974"

Access-Control-Allow-Methods" value="GET, HEAD, POST, OPTIONS"

Access-Control-Allow-Headers" value="Authorization, Origin, Content-Type"

Access-Control-Max-Age" value="86400"

replied on February 21, 2020

Maybe you are running into https://stackoverflow.com/questions/10883211/deadly-cors-when-http-localhost-is-the-origin ? In general, I recommend against using "localhost" unless it's absolutely required.

replied on February 25, 2020

I did give this a try but unfortunately same issue.

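The error text in the question says the preflight response lacked an HTTP ok status, which is a separate condition from the Access-Control-* headers listed in the replies. The sketch below is an added example, not code from the thread or from Laserfiche: a simplified model of the browser's preflight check, run against the posted headers. The 401 status on the OPTIONS response, the non-credentialed request mode and the names `checkPreflight`, `threadHeaders` and `request` are assumptions.

```javascript
// Simplified model of a browser's CORS preflight check (added example, not the Fetch standard in full).
// Assumption: non-credentialed mode; the script sets the Authorization header explicitly.
const SAFE_METHODS = ["GET", "HEAD", "POST"];

function list(value) {
  return (value || "").split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
}

function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;

  // 1. The OPTIONS response itself must be 2xx, whatever headers it carries.
  if (res.status < 200 || res.status > 299) return "preflight status " + res.status + " is not ok";

  // 2. Access-Control-Allow-Origin must be "*" or match the page's origin exactly.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== req.origin)
    return "origin " + req.origin + " not allowed";

  // 3. Methods outside the safelist must appear in Access-Control-Allow-Methods.
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(req.method.toLowerCase()))
    return "method " + req.method + " not allowed";

  // 4. Each header named in Access-Control-Request-Headers must be listed by name.
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of req.headers.map(s => s.toLowerCase()))
    if (!allowed.includes(name)) return "header " + name + " not allowed";

  return "pass";
}

// Constructed sample: header values as posted in the thread, origin from the error message.
const threadHeaders = {
  "Access-Control-Allow-Origin": "http://localhost:1974",
  "Access-Control-Allow-Methods": "GET, HEAD, POST, OPTIONS",
  "Access-Control-Allow-Headers": "Authorization, Origin, Content-Type",
  "Access-Control-Max-Age": "86400",
};
const request = { origin: "http://localhost:1974", method: "GET", headers: ["authorization"] };

const rejected = checkPreflight(request, { status: 401, headers: threadHeaders }); // assumed status
const accepted = checkPreflight(request, { status: 200, headers: threadHeaders });
console.log(rejected, "|", accepted);
```

Browsers send the preflight OPTIONS request without the Authorization header, so a server that requires authentication on OPTIONS produces the first outcome even when every Access-Control-* header is correct.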