
bimserverjavascriptapi used cross domain

Open mliesmons opened this issue 5 years ago • 5 comments

Hi,

I've been searching high and low, but cannot seem to solve my CORS issue when using the javascriptapi from a domain other than the one the bimserver is served from.

My Tomcat has its CORS configured to allow any domain, but when https://subdomain1.domain.com/bimserver/json gets called from https://subdomain2.domain.com/bimsurfer3/apps/minimal.html, I get a CORS error, and indeed, the response does not contain an Access-Control-Allow-Origin header.

Does anyone have an idea how I can make the bimserver API add CORS headers?

Any help greatly appreciated.

Kr, Michel.

mliesmons avatar Jan 29 '20 22:01 mliesmons

The BIMserver JSON endpoint actually adds the Origin of the request to each response's Access-Control-Allow-Origin, unless it has specifically been disallowed in the BIMserver settings (which by default none are). So I am pretty sure it's Tomcat that is removing them.

rubendel avatar Jan 30 '20 09:01 rubendel

Hi Ruben,

Thanks for the response.

We installed the latest versions of bimserver (1.5.181), bimsurfer3 (0.0.271) and bimserverapi (0.0.176).

We notice in the web.xml of bimserver a CORS entry: cross-origin com.thetransactioncompany.cors.CORSFilter allowedOrigins allowedMethods allowedHeaders cross-origin /js/

We entered our origin in the white listed domains: portal-dev.genievision.com:443

Our tomcat has a single CORS filter: CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins CorsFilter /

Yet we still get: Access to XMLHttpRequest at 'https://bimserver-dev.genievision.com/BIMServer181/json' from origin 'https://portal-dev.genievision.com' has been blocked by CORS policy.

Any help greatly appreciated.

Kr, Michel.


mliesmons avatar Jan 30 '20 15:01 mliesmons

Hi,

I finally managed to get it working.

Our Tomcat is protected using BASIC authentication. Turns out that CORS sends a pre-flight OPTIONS request that the server is supposed to answer, and that needs anonymous access.

First thing I had to change was the web.xml of Tomcat to allow OPTIONS to be called anonymously:

<web-resource-collection>
 <url-pattern>/*</url-pattern>
 <http-method-omission>OPTIONS</http-method-omission>
</web-resource-collection>

Second I needed to apply CORS responses for all resources: /*, not just /js/* in the web.xml of BIMServer:

 <filter-mapping>
  <filter-name>cross-origin</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>

Third I needed to add Basic Authorization headers when calling /json and /stream endpoints in bimserverclient.js and bimserverapiwebsocket.js

HTH.

kr, Michel.

mliesmons avatar Feb 02 '20 21:02 mliesmons
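
The three changes in the comment above map onto the checks a browser applies to the preflight response. The following is an added example, not part of the original thread or of BIMserver's code: it evaluates constructed preflight responses for a request that carries an explicit Authorization header. The function name, the sample responses and the assumption that Content-Type is a non-safelisted value (such as JSON) are illustrative.

```javascript
// Added example. Assumes requests are sent without withCredentials, with the
// Authorization header set explicitly by the client script.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// request: { origin, method, headers: [names of non-safelisted request headers] }
// preflight: { status, headers: { "lower-case-name": "value" } }
function preflightProblems(request, preflight) {
  const problems = [];
  const h = preflight.headers;
  // A 401 from an auth constraint that also covers OPTIONS fails here.
  if (preflight.status < 200 || preflight.status > 299) {
    problems.push(`preflight status ${preflight.status} is not 2xx`);
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin does not match ${request.origin}`);
  }
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.has(request.method) &&
      !methods.includes("*") && !methods.includes(request.method.toLowerCase())) {
    problems.push(`method ${request.method} not allowed`);
  }
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of request.headers.map((n) => n.toLowerCase())) {
    // "*" never covers Authorization; it has to be listed by name.
    const viaWildcard = allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) {
      problems.push(`request header ${name} not allowed`);
    }
  }
  return problems;
}

// Constructed samples using the origins from the question.
const REQUEST = { origin: "https://subdomain2.domain.com", method: "POST",
                  headers: ["Authorization", "Content-Type"] };
const SAMPLES = {
  optionsBehindBasicAuth: { status: 401, headers: { "www-authenticate": 'Basic realm="constructed"' } },
  filterNotMapped: { status: 200, headers: {} },
  wildcardHeaders: { status: 200, headers: { "access-control-allow-origin": REQUEST.origin,
                                             "access-control-allow-headers": "*" } },
  fixed: { status: 200, headers: { "access-control-allow-origin": REQUEST.origin,
                                   "access-control-allow-methods": "GET, POST, OPTIONS",
                                   "access-control-allow-headers": "Authorization, Content-Type" } },
};
for (const [name, resp] of Object.entries(SAMPLES)) {
  console.log(name, preflightProblems(REQUEST, resp));
}
```

The `wildcardHeaders` sample fails only on Authorization, which is why an allowed-headers setting of `*` is not enough once the client adds Basic credentials itself.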

Hi Ruben,

I tested the latest versions of the Server (182), Surfer (272) and JavaScript API (176) in the remote setup explained above.

I notice that the viewer on the server itself manages to render a revision, while the remote solution crashes into the debugger at several moments for this same revision: frozenbufferset.js line 23, reuseloader.js line 10

In the end the model is shown but rotating and zooming, most of the time, does not work (portal-dev.genievision.com-1581168125344.log).

Any idea what could be the cause?

Kr, Michel.

mliesmons avatar Feb 07 '20 18:02 mliesmons

Is this still an issue?

hlg avatar May 12 '21 10:05 hlg