2 Replies Latest reply on Mar 31, 2019 6:27 AM by 804342

    Cross Origins Issue

    804342
    804342 Mar 25, 2019 5:26 AM

      Hello, I followed blog ( https://developer.oracle.com/databases/building-jet-crud-apps-odb12c ) to invoke rest web service  but am getting  CORS error ( refer below).  Have installed ORDS within sql developer ( version 18.1.0.095) and rest service works and returns json output. I tried setting "Origins Allowed"  at module level but still it gives gives the same error.

       

       

      Can you please guide as how to setup the access control across domains in ORDS.

       

      Thanks in advance.

       

      Error :

       

       

      Access to XMLHttpRequest at 'http://localhost:8080/ords/apps/hr/department/555' from origin 'http://localhost:8383' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

      • 895 Views
      • Tags:
        • 1. Re: Cross Origins Issue
          Erik Raetz
          Erik Raetz Mar 27, 2019 2:11 PM (in response to 804342)

          I am not sure if CORS Requests can be solved without using plsql/block source type handler.

          If you do you can write your own output response including HTTP headers and HTTP status code.

          In a plsql/block source handler you can use the OWA_UTIL package to write your own header.

          It allows you to add the needed headers that allow cross origin access.

           

          Example:

           

            BEGIN

              ljson := '{}';

              lhttpstatuscode := 200;

              lhttpstatuscodetext := NULL;

              OWA_UTIL.STATUS_LINE(

                nstatus => lhttpstatuscode,

                creason => lhttpstatuscodetext,

                bclose_header => FALSE);

              OWA_UTIL.MIME_HEADER(

                ccontent_type => 'application/json',

                bclose_header => FALSE,

                ccharset => 'utf-8'

              );

              --headers need newline make sure to use htp.p!

              htp.p('X-My-Own-Http-Header-Here: 1234');

              htp.p('Access-Control-Allow-Origin: https://developer.mozilla.org');

              OWA_UTIL.HTTP_HEADER_CLOSE;

              --print json (important, if json is of type CLOB you need to use DBMS_LOB to loop over the CLOB

              --use htp.prn to print without newline!

              htp.prn(ljson);

            END;

          • 2. Re: Cross Origins Issue
            804342
            804342 Mar 31, 2019 6:27 AM (in response to Erik Raetz)

            Thanks for the response. But it didn't work.