How to prevent CORS error when trying to do a POST to start an FME Server Job

Question

Good day,

I am trying to start a job on FME Server which works fine copy pasting the URL in a browser, in a Javascript application.

URL is like the following (some text replaced):

URL = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

When I use this URL with in javascript, using the following snippet, I get a CORS error in Firefox and Chrome:

function startFmeServerJob(job_url) {

var xhr = new XMLHttpRequest();

var job_url = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

xhr.open('POST', job_url, true);

//Send the proper header information along with the request

xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://inspire-rather-wet-from-sweat.fmecloud.com');

xhr.onreadystatechange = function() {//Call a function when the state changes.

if(xhr.readyState == 4 && xhr.status == 200) {

alert(xhr.responseText);

}

};

xhr.send();

}

In FME server the following headers are allowed in the configuration part about CORS:

authorization, access-control-allow-origin, cookie, content-disposition, origin, x-requested-with, access-control-request-headers, content-type, access-control-request-method, cache-control, accept, Access-Control-Allow-Origin

The strange phenomenon was that the script did work in Internet Explorer, but not Chrome, Edge or Firefox.

I hope someone has an idea how fix the problem .

Kind regards,

Bart

Page 1 / 1

Hi @bmonne,

I'm not an expert in this area but two things you could try to help fix this. In the FME Web UI please could you navigate to Admin >System Configuration>Networking:

Can you change Support Credentials to True - this allows the requestor to include credentials to authorize with the FME Server such as tokens.
Under the CORS settings please could you change the value for Allowed Origins from * to https://inspire-rather-wet-from-sweat.fmecloud.com. An asterisk cannot be specified if any credentials are being passed.

Thanks for the suggestions: it turned out something was wrong in the xhr header:

We changed:

xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://inspire-rather-wet-from-sweat.fmecloud.com');

to:

xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

And now it works fine.

Best regards,

Bart

Reply

hollyatsafe · Answer

Hi @bmonne,I'm not an expert in this area but two things you could try to help fix this. In the FME Web UI please could you navigate to Admin >System Configuration>Networking:Can you change Support Credentials to True - this allows the requestor to include credentials to authorize with the FME Server such as tokens. Under the CORS settings please could you change the value for Allowed Origins from * to https://inspire-rather-wet-from-sweat.fmecloud.com. An asterisk cannot be specified if any credentials are being passed.

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded