Cross-Origin Resource Sharing (CORS) affecting the development of OCL

(Hadijah Kyampeire) #1

Hello, community, I hope this finds you well, this is to bring to your notice that while we were developing the OCL for OpenMRS, we had some CORS challenges. This only happened when we tried to use the PUT method for adding existing CIEL concepts to a given dictionary.

We have tried to solve the issue via the frontend but unfortunately, we have not yet succeeded. We are thinking that this might be solved from the backend of the OclApi.

We would like to request for your contributions on how we can solve this CORS issue. cc @darius @paynejd @cintiadr @rubailly @dkayiwa @shakira210791 @christopherkala @emasys @efosa @tunmi @topseysuave
Thanks. Below are snapshots showing how CORS are affecting the PUT request.

With my CORS activated in the browser, everything works fine.

With CORS disabled it throws a CORS error

Developing the "OCL for OpenMRS" Application
(Gabriel Micah) #2

Hi @hadijah315, try setting headers when sending the request like this:

If not read through this

(Hadijah Kyampeire) #3

Thanks @topseysuave, let me try that.

(Efosa Okpugie) #4

have you been able to figure it out @hadijah315

(Hadijah Kyampeire) #5

Not yet @efosa

(Cintia Del Rio) #6

Oh, CORS, so great.

So you want CORS enabled on This thing:

On that case, I’d like @paynejd to confirm he’s fine with that. Also, please raise a jira ticket to ITSM project.

Will you want it as well in STG and PRD?

(Hadijah Kyampeire) #7

Yes indeed we would want it fixed every where, thanks @cintiadr

(Cintia Del Rio) #8

Note: that will not happen before the weekend.

(Hadijah Kyampeire) #9

Hello @cintiadr, I have created a ticket on ITSM Its in the backlog, you might check it out.

(Daniel Kayiwa) #10

@hadijah315 it helps others not to waste time looking for it, if you always share the ticket id or url.

(Hadijah Kyampeire) #11

Thanks @dkayiwa let me attach it. This is the ticket link

(Hadijah Kyampeire) #12

Hello all, a ticket to solve the CORS has been created, you might want to look at it.

(Wyclif Luyima) #13

Are you actually making cross origin requests? If no, I wonder why it only fails for PUT? I’d imagine it should be failing even for the other http methods.

(Hadijah Kyampeire) #14

Your are right @wyclif , we were also wondering why PUT only yet GET and POST can work but we found out that Its possible for a PUT and DELETE to fail while GET and POST are working so there might be some configurations we need to make.

(Wyclif Luyima) #15

Okay, that make sense

(Daniel Kayiwa) #16

@hadijah315 you were given some suggestions to try out on this thread. Can you explicitly report back that you tried A, B, or C and what the outcome was?

(Hadijah Kyampeire) #17

Thanks @dkayiwa, so the suggestion @topseysuave gave, I tried it this morning, it did not work, I actually had a sync with him but still it could not solve the CORS instead It crashed the whole application. So we decided to wait for other ideas on how we can go about it.

(Wyclif Luyima) #18

Tomcat has a way to granularly allow cross origin requests and am guessing nginx does too, you can google around on how to do it.

(Daniel Kayiwa) #19

@hadijah315 FWIW, did you try a couple of links returned by googling with “Method PUT is not allowed by Access-Control-Allow-Methods in preflight response”?

(Hadijah Kyampeire) #20

Yes I did try some and it crashed.