CODEWITHSUNDEEP
javascriptjavaajaxspringcors
neverwinter
neverwinter

Reputation: 810

access CORS during ajax restful ws call in Chrome

I have web-based project fully written in jquery and js. In client side I am call in restful webservices via ajax like that

 $.ajax({
    type: 'GET',
    timeout: 1000000000,
    headers: { 'Access-Control-Allow-Origin': '*' },
    url: serverName + '/getAlerts/',
    data: {}, 
    dataType: "text", 
    success: function (data) {
        $scope.alerts = JSON.parse(data);
        $scope.$apply();
    },
    error: function (data) {
        alert(errServiceCall); 
    }
});

In server side, restful webservices created in Spring. example function is like that

@RequestMapping(value = "/services/getAlerts", method = RequestMethod.GET, produces = "application/json; charset=UTF-8")
@ResponseBody
public String getAlerts(HttpServletRequest request) throws JSONException, IOException, SQLException {
    return "hello it's me";
}

In that case, when I tried the call that function on Chrome, I am getting the error below

(index):374 Refused to connect to 'http://servername/services/getAlerts/' because it violates the following Content Security Policy directive: "connect-src 'self'".

Bu if I paste the the restful url (http://servername/services/getAlerts) in chrome address bar, it successfully returns the result.

I suggest it's about CORS (Cross-Origin Resource Sharing) so I added the code

headers: { 'Access-Control-Allow-Origin': '*' },

in my ajax code block. But it is not worked.

So I tried to add @CrossOrigin parameter above the function at server side like that

@CrossOrigin
@RequestMapping(value = "/services/getAlerts", method = RequestMethod.GET, produces = "application/json; charset=UTF-8")
@ResponseBody
public String getAlerts(HttpServletRequest request) throws JSONException, IOException, SQLException {
    return "hello it's me";
}

But in that case I am getting the error below at compile time (Java version 1.6 + spring version 4.3.12)

annotation org.springframework.web.bind.annotation.CrossOrigin is missing < clinit>

How can I fix that CORS problem in shortest way?

P.S: All process works perfectly in IE when I open CORS from Internet Options -> Security -> Custom Level -> Miscellaneous -> Access data sources across domains (set enable)

Upvotes: 0

Views: 794

Answers (2)

neverwinter
neverwinter

Reputation: 810

I added the code below to virtualhost config file in unix WAS request server which includes restful webservices created in spring framework, and it fixed my problem. Now without any browser configuration, I can call ajax function at client-side without CORS problem.

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-csrftoken"
Header always set Access-Control-Allow-Credentials "true"

If you want to deep-dive in that configuration, you can visit that page It is helpful.

Upvotes: 1

cretthie
cretthie

Reputation: 349

Did you add 

$.ajax({
    ....
    xhrFields: {withCredentials: true},
    ....
}

in the ajax method

Upvotes: 0

Related Questions