I'm using play 2.4 to make a public REST API. I added the CORS filter allowing all origins and headers.
See from application.conf:
play.filters {
# CORS filter configuration
cors {
# The path prefixes to filter.
pathPrefixes = ["/"]
# The allowed origins. If null, all origins are allowed.
allowedOrigins = null
# The allowed HTTP methods. If null, all methods are allowed
allowedHttpMethods = null
# The allowed HTTP headers. If null, all headers are allowed.
allowedHttpHeaders = null
# The exposed headers
exposedHeaders = []
# Whether to support credentials
supportsCredentials = true
# The maximum amount of time the CORS meta data should be cached by the client
preflightMaxAge = 1 hour
}
}
It works perfectly fine when I call the API from a classic browser (chrome/firefox tested), regardless of the origin as I allowed all.
BUT when I try to call it form a cordova application (in cordova apps, the origin of ajax requests are file://), I get a CORS error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'file://' is therefore not allowed access. The response had HTTP status code 403. As if I didn't allow origin 'file://'
I tried to consume another API that allows CORS (GET /) to check if it wasn't cordova that blocked the request but it worked fine. So I guess the problem es from Play.
I tried to set allowedOrigins = ["file://"] but it doesn't work either...
Any help please?
EDIT: This isn't a duplicate of Cross origin GET from local file:// : I can't install a webserver as this is a cordova application. The files are served from the phone/tablet file system to the WebView. This is a Play framework specific question, I used to have no problems with an older version. Maybe the default CorsFilter can be modified to allow origin file://
EDIT 2: After it's been requested, here's the (very simple) code I use for my custom scala filter.
// CORSFilter.scala
package filters
import play.api.libs.concurrent.Execution.Implicits.defaultContext
import play.api.mvc._
import play.mvc.Http
/**
* Allow CORS from anywhere, any method
*/
class CORSFilter extends EssentialFilter {
def apply(nextFilter: EssentialAction) = new EssentialAction {
def apply(requestHeader: RequestHeader) = {
nextFilter(requestHeader)
.map { result =>
if (requestHeader.method.equals("OPTIONS")) {
Results.Ok.withHeaders(
Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "X-Requested-With, Accept, Content-Type",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE")
} else {
result.withHeaders(
Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "X-Requested-With, Accept, Content-Type",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE",
Http.HeaderNames.ACCESS_CONTROL_EXPOSE_HEADERS -> "X-Custom-Header-To-Expose")
}
}
}
}
}
Note that I only use this in development mode and it has some issues. For exemple if an exception is not caught at runtime, the response won't have the CORS headers because the filter is not applied. But if this is for a cordova application, it should work fine enough.
I'm using play 2.4 to make a public REST API. I added the CORS filter allowing all origins and headers.
See from application.conf:
play.filters {
# CORS filter configuration
cors {
# The path prefixes to filter.
pathPrefixes = ["/"]
# The allowed origins. If null, all origins are allowed.
allowedOrigins = null
# The allowed HTTP methods. If null, all methods are allowed
allowedHttpMethods = null
# The allowed HTTP headers. If null, all headers are allowed.
allowedHttpHeaders = null
# The exposed headers
exposedHeaders = []
# Whether to support credentials
supportsCredentials = true
# The maximum amount of time the CORS meta data should be cached by the client
preflightMaxAge = 1 hour
}
}
It works perfectly fine when I call the API from a classic browser (chrome/firefox tested), regardless of the origin as I allowed all.
BUT when I try to call it form a cordova application (in cordova apps, the origin of ajax requests are file://), I get a CORS error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'file://' is therefore not allowed access. The response had HTTP status code 403. As if I didn't allow origin 'file://'
I tried to consume another API that allows CORS (GET https://public.opencpu/ocpu/library/) to check if it wasn't cordova that blocked the request but it worked fine. So I guess the problem es from Play.
I tried to set allowedOrigins = ["file://"] but it doesn't work either...
Any help please?
EDIT: This isn't a duplicate of Cross origin GET from local file:// : I can't install a webserver as this is a cordova application. The files are served from the phone/tablet file system to the WebView. This is a Play framework specific question, I used to have no problems with an older version. Maybe the default CorsFilter can be modified to allow origin file://
EDIT 2: After it's been requested, here's the (very simple) code I use for my custom scala filter.
// CORSFilter.scala
package filters
import play.api.libs.concurrent.Execution.Implicits.defaultContext
import play.api.mvc._
import play.mvc.Http
/**
* Allow CORS from anywhere, any method
*/
class CORSFilter extends EssentialFilter {
def apply(nextFilter: EssentialAction) = new EssentialAction {
def apply(requestHeader: RequestHeader) = {
nextFilter(requestHeader)
.map { result =>
if (requestHeader.method.equals("OPTIONS")) {
Results.Ok.withHeaders(
Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "X-Requested-With, Accept, Content-Type",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE")
} else {
result.withHeaders(
Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "X-Requested-With, Accept, Content-Type",
Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE",
Http.HeaderNames.ACCESS_CONTROL_EXPOSE_HEADERS -> "X-Custom-Header-To-Expose")
}
}
}
}
}
Note that I only use this in development mode and it has some issues. For exemple if an exception is not caught at runtime, the response won't have the CORS headers because the filter is not applied. But if this is for a cordova application, it should work fine enough.
Share Improve this question edited May 23, 2017 at 11:54 CommunityBot 11 silver badge asked Sep 10, 2015 at 18:22 SebTSebT 4721 gold badge4 silver badges15 bronze badges 9- What does your cordova implementation code look like? – Justin Commented Sep 10, 2015 at 18:26
- 1 Hi, this is a duplicate of: stackoverflow./questions/8192159/… – Saar Commented Sep 10, 2015 at 18:26
- @Saar I flagged it for you :) – Keith M Commented Sep 10, 2015 at 18:27
- Install a local web server....there are lots of ways to do it and it doesn't take long – charlietfl Commented Sep 10, 2015 at 18:46
- This isn't a duplicate Saar, my question is play specific. I just want to authorize requests from origin file://, which used to work in older versions. I can't install a local server as this is a cordova application charlitfl, filed are served from the mobile file system to the WebView – SebT Commented Sep 11, 2015 at 8:22
1 Answer
Reset to default 9Ok, the problem es from this line of code in the Play framework: https://github./playframework/playframework/blob/master/framework/src/play-filters-helpers/src/main/scala/play/filters/cors/AbstractCORSPolicy.scala#L322
As the URI is 'file://', the domain/host of the URI is null so new URI throws an error and then Play returns a 403 error. To fix this we need to patch the framework or try to change the origin to 'file://'.
I found a workaround for my use case: disable CORS on Play. Then when I use ajax from my cordova app, the origin isn't checked.
The problem with this workaround is that if I want to enable CORS on my Play project for any reason, the cordova app won't work since Play will check the origin and reject it.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1743624232a4480275.html
评论列表(0条)