Cross-Origin Resource Sharing (CORS) affecting the development of OCL

Hello, community, I hope this finds you well, this is to bring to your notice that while we were developing the OCL for OpenMRS, we had some CORS challenges. This only happened when we tried to use the PUT method for adding existing CIEL concepts to a given dictionary.

We have tried to solve the issue via the frontend but unfortunately, we have not yet succeeded. We are thinking that this might be solved from the backend of the OclApi.

We would like to request for your contributions on how we can solve this CORS issue. cc @darius @paynejd @cintiadr @rubailly @dkayiwa @shakira210791 @christopherkala @emasys @efosa @tunmi @topseysuave
Thanks. Below are snapshots showing how CORS are affecting the PUT request.

With my CORS activated in the browser, everything works fine.

With CORS disabled it throws a CORS error

Hi @hadijah315, try setting headers when sending the request like this: https://github.com/expressjs/cors/issues/80#issue-163105336

If not read through this

Thanks @topseysuave, let me try that.

have you been able to figure it out @hadijah315

Not yet @efosa

Oh, CORS, so great.

So you want CORS enabled on api.qa.openconceptlab.org? This thing: https://enable-cors.org/server_nginx.html

On that case, I’d like @paynejd to confirm he’s fine with that. Also, please raise a jira ticket to ITSM project.

Will you want it as well in STG and PRD?

Yes indeed we would want it fixed every where, thanks @cintiadr

Note: that will not happen before the weekend.

Hello @cintiadr, I have created a ticket on ITSM Its in the backlog, you might check it out.

@hadijah315 it helps others not to waste time looking for it, if you always share the ticket id or url.

Thanks @dkayiwa let me attach it. This is the ticket link https://issues.openmrs.org/browse/ITSM-4156

Hello all, a ticket to solve the CORS has been created, you might want to look at it.

Are you actually making cross origin requests? If no, I wonder why it only fails for PUT? I’d imagine it should be failing even for the other http methods.

Your are right @wyclif , we were also wondering why PUT only yet GET and POST can work but we found out that Its possible for a PUT and DELETE to fail while GET and POST are working so there might be some configurations we need to make.

Okay, that make sense

@hadijah315 you were given some suggestions to try out on this thread. Can you explicitly report back that you tried A, B, or C and what the outcome was?

Thanks @dkayiwa, so the suggestion @topseysuave gave, I tried it this morning, it did not work, I actually had a sync with him but still it could not solve the CORS instead It crashed the whole application. So we decided to wait for other ideas on how we can go about it.

Tomcat has a way to granularly allow cross origin requests and am guessing nginx does too, you can google around on how to do it.

@hadijah315 FWIW, did you try a couple of links returned by googling with “Method PUT is not allowed by Access-Control-Allow-Methods in preflight response”?

Yes I did try some and it crashed.