Question

How to prevent CORS error when trying to do a POST to start an FME Server Job

  • 8 October 2019
  • 2 replies
  • 16 views
B

Good day,

 

 

I am trying to start a job on FME Server which works fine copy pasting the URL in a browser, in a Javascript application.

URL is like the following (some text replaced):

 

URL = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

When I use this URL with in javascript, using the following snippet, I get a CORS error in Firefox and Chrome:

 

function startFmeServerJob(job_url) {

 

var xhr = new XMLHttpRequest();

 

 

var job_url = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

 

 

xhr.open('POST', job_url, true);

 

 

//Send the proper header information along with the request

 

xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://inspire-rather-wet-from-sweat.fmecloud.com');

 

 

 

xhr.onreadystatechange = function() {//Call a function when the state changes.

 

if(xhr.readyState == 4 && xhr.status == 200) {

 

alert(xhr.responseText);

 

}

 

};

 

xhr.send();

 

 

}

In FME server the following headers are allowed in the configuration part about CORS:

authorization, access-control-allow-origin, cookie, content-disposition, origin, x-requested-with, access-control-request-headers, content-type, access-control-request-method, cache-control, accept, Access-Control-Allow-Origin

 

The strange phenomenon was that the script did work in Internet Explorer, but not Chrome, Edge or Firefox.

 

I hope someone has an idea how fix the problem .

 

Kind regards,

 

Bart

 

 

2 replies

H
Badge +2

Hi @bmonne,

I'm not an expert in this area but two things you could try to help fix this. In the FME Web UI please could you navigate to Admin >System Configuration>Networking:

  • Can you change Support Credentials to True - this allows the requestor to include credentials to authorize with the FME Server such as tokens.
  • Under the CORS settings please could you change the value for Allowed Origins from * to https://inspire-rather-wet-from-sweat.fmecloud.com. An asterisk cannot be specified if any credentials are being passed.
B

Thanks for the suggestions: it turned out something was wrong in the xhr header:

 

We changed: 

 

xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://inspire-rather-wet-from-sweat.fmecloud.com');

to:

 

xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

And now it works fine.

Best regards,

Bart

Reply


Community Stats

28,729
Posts
109,526
Replies
36,564
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.