Skip to main content
Question

How to prevent CORS error when trying to do a POST to start an FME Server Job

B

Good day,

 

 

I am trying to start a job on FME Server which works fine copy pasting the URL in a browser, in a Javascript application.

URL is like the following (some text replaced):

 

URL = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

When I use this URL with in javascript, using the following snippet, I get a CORS error in Firefox and Chrome:

 

function startFmeServerJob(job_url) {

 

var xhr = new XMLHttpRequest();

 

 

var job_url = "https://inspire-rather-wet-from-sweat.fmecloud.com/fmejobsubmitter/Tools/BetterWetfromSweat.fmw?SourceDataset_ARCGISFEATURES=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_knooppunten%2FFeatureServer&SourceDataset_ARCGISFEATURES_3=https%3A%2F%2Fgisservices.noord-holland.nl%2Fagsp%2Frest%2Fservices%2FHosted%2Fbu_helsinki_routes_snapped%2FFeatureServer&DestDataset_ARCGISPORTALFEATURES=https%3A%2F%2Fmaps.noord-holland.nl%2Fkaartenportaal&opt_showresult=false&opt_servicemode=sync&token=1234567890"

 

 

xhr.open('POST', job_url, true);

 

 

//Send the proper header information along with the request

 

xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://inspire-rather-wet-from-sweat.fmecloud.com');

 

 

 

xhr.onreadystatechange = function() {//Call a function when the state changes.

 

if(xhr.readyState == 4 && xhr.status == 200) {

 

alert(xhr.responseText);

 

}

 

};

 

xhr.send();

 

 

}

In FME server the following headers are allowed in the configuration part about CORS:

authorization, access-control-allow-origin, cookie, content-disposition, origin, x-requested-with, access-control-request-headers, content-type, access-control-request-method, cache-control, accept, Access-Control-Allow-Origin

 

The strange phenomenon was that the script did work in Internet Explorer, but not Chrome, Edge or Firefox.

 

I hope someone has an idea how fix the problem .

 

Kind regards,

 

Bart

 

 

2 replies

H
Forum|alt.badge.img+2

Hi @bmonne,

I'm not an expert in this area but two things you could try to help fix this. In the FME Web UI please could you navigate to Admin >System Configuration>Networking:

  • Can you change Support Credentials to True - this allows the requestor to include credentials to authorize with the FME Server such as tokens.
  • Under the CORS settings please could you change the value for Allowed Origins from * to https://inspire-rather-wet-from-sweat.fmecloud.com. An asterisk cannot be specified if any credentials are being passed.
B
  • bmonne
  • Author
  • October 10, 2019

Thanks for the suggestions: it turned out something was wrong in the xhr header:

 

We changed: 

 

xhr.setRequestHeader('Access-Control-Allow-Origin''https://inspire-rather-wet-from-sweat.fmecloud.com');

to:

 

xhr.setRequestHeader('Content-Type''application/x-www-form-urlencoded');

And now it works fine.

Best regards,

Bart

Reply


Helpful Members This Week

Community Stats

31,106
Posts
117,932
Replies
38,859
Members

Latest FME

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.