I am having this problem with the Integration Server where I am trying to call a REST service using Javascript from Mywebmethods OpenCAF Application where I am faced with the Same Origin Policy problem and i cant get the request to work.

Keep in mind that i added the Cross Origin Resource Sharing (CORS) headers in the server side service and still not working

I am using 9.9 Suite

Could you please share the watt settings related to CORS that you have enabled on IS extended settings please?

Here it is

Sorry. The screenshot does not show any CORS related watt settings. Could you please unhide them and then share the details please?

@Prasad Thank you for your help. I didnt know about the watt setting, and then I added the remaining settings, and now it works

Glad to note that

HI,

I have the same problem. I try to call a service with javascript. Because the website is on port 8585 and the service is on port 5555, the browser says:
XMLHttpRequest cannot load http://localhost:5555/rest/votingMachine/restServices/saveData?json=… Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:8585’ is therefore not allowed access. The response had HTTP status code 403.

I tried to add
watt.server.cors.enabled=true
watt.server.cors.allowedOrigins=http://localhost:8585

llike mentioned in previous posts, but it is still not working. Is there anything else, I have to configure first?

Try these:

Hi Prasad, would like to know your input on how to send a custom header when a client sends you a OPTIONS request. Basically, the ask is that they will send a custom header with a specific value with OPTIONS to the resource, we should confirm that we received that custom header value they sent with a second custom header value from this side.

eg: customer header: wh-request-origin: thisistest
we should send them with: wh-allowed-origin: thisistest

I posted this same request at some other place with no luck.

Hey @Kumar_Kumar

Sorry for late response. Have been busy and missed this post.

If you know all the fixed headers you are gonna used before hand, then use below to send in your request.

Access-Control-Allow-Headers: <header-name>[, <header-name>]*

In case, your headers are completely adhoc and not known before hand, then use below in your request:

Access-Control-Allow-Headers: *

On IS extended settings:
Use below when you know headers before hand:

watt.server.cors.supportedHeaders=<header-name>[, <header-name>]*

Use below when they are adhoc and you do not know before hand:

watt.server.cors.supportedHeaders=*

Thank you so much It finally works

Glad to note that it worked. But notice that “watt.server.cors.allowedOrigins” is “*” in the settings I provided, which means any origin can try to access your resources. Change it to have comma separated list of sources which are only allowed to access the resources on your IS.

is there a way to display external server log dsp page in a section of the main DSP page.
I tried doing it. but i got an issue with…

Load denied by X-Frame-Options: “SAMEORIGIN” from “http://xxxxx:5555/WmRoot/log-server-recent.dsp”, site does not permit cross-origin framing from “http://yyyy:5555/ESBServerLogs/DisplayServerLogs.dsp”

Can you please provide solution for this…or any other alternative.

Hi Sasikanth,

Do you have any CORS related settings enabled on your IS extended settings and you can also refer to the above mentioned settings.

Please try it out if that config works.

HTH,
RMG

got a response as

Blocked by X-Frame-Options Policy.

Please try to set the watt.server.cors.allowedOrigins as “*” and restart server. I hope it should work.