Modify the Access-Control-Allow-Origin header?

Moderator: crythias

Dev1
Znuny newbie
Posts: 7
Joined: 19 Jan 2013, 19:58
Znuny Version: 3.1.12
Real Name: Lewis
Company: Kilon

Modify the Access-Control-Allow-Origin header?

Post by Dev1 »

Hi,

I'm attempting to develop a web site that integrates with OTRS. As part of this I need to call some web services that I have configured in OTRS. I've followed the OTRS manual and configured the web services (including the user & password) correctly. My dev environment is my host machine (Windows 7) with my dev tools on it, and OTRS installed on a virtual machine (Windows Server 2012) hosted on the same machine. My environment means that I am calling the services across domains (and this is how it would work in production). This is causing me an issue:

When I call the web service, it succeeds with a 200 OK Status, this call also returns a valid populated SOAP message. However in the browser I receive an error and can't get the data. Internet Explorer just throws an unpopulated error, while in Chrome Dev Tools I can see the following error;

XMLHttpRequest cannot load http://win2012/otrs/nph-genericinterfac ... DevService. Origin http://localhost:55627 is not allowed by Access-Control-Allow-Origin.

A bit of research has brought me to the cross domain issue (whereby you can't execute a script against a different domain), according to the W3C spec and various sources the correct way to fix this is via the web server configuration. So I have made the following changes on my OTRS installation:

Edited the httpd.config file and uncommented the following lines:

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so

Just above the OTRS configuration (in the same file) I have also added the following line:

Header add Access-Control-Allow-Origin "*"

I then subsequently restarted the Apache service. I tried my code again, and got the same result. Looking at Fiddler I can't see the "Access-Control-Allow-Origin" header coming back. After this failed I added this line:

Header add Access-Control-Allow-Origin "*"

in the following files:

httpd-vhosts (in C:\Program Files (x86)\OTRS\Apache\conf\extra)
apache2-httpd.include.conf (in C:\Program Files (x86)\OTRS\OTRS\scripts)

I have tried variations between "Header add" and "Header set" and also tried putting my URL in the command (e.g. Header add Access-Control-Allow-Origin "http://localhost") and again restarted the Apache service. Again, same problem. I still can't see the "Access-Control-Allow-Origin" header coming back but can see the XML message.

It's important to note that using the OTRS "Web Service debugging" tool, I can see the service being touched and returning data successfully, so there's clearly nothing wrong with the XML.

What am I doing wrong?!


Cheers

Lewis
OTRS 3.1.12 running on Windows Server 2012
Development using Padre on Windows 7

Re: Modify the Access-Control-Allow-Origin header?

Post by Dev1 »

Further to this, I no longer think it's an Apache configuration issue, as I can see the correct headers (in Fiddler) coming back when I visit an OTRS page (i.e. the log in page). However, when I'm calling the web service the headers aren't returned.

Re: Modify the Access-Control-Allow-Origin header?

Post by Dev1 »

More info:

After spending several days trying to get this to work, I'm confident that this issue occurs because the web services do not return the correct header (Access-Control-Allow-Origin). If I plug in the iPhone handler and call that using the same code it works fine, I can also see in Fiddler that the headers are being returned correctly from the iPhone json interface. Unfortunately the iPhone interface doesn't contain the functionality I require.

Unless anyone else has any ideas, I think I'll search the open issues and maybe raise a new issue.

Re: Modify the Access-Control-Allow-Origin header?

Post by Dev1 »

I've raised this as a bug - 9071, and attached a sample project.
chris86
Znuny newbie
Posts: 1
Joined: 04 Sep 2014, 15:12
Znuny Version: 3.3.4

Re: Modify the Access-Control-Allow-Origin header?

Post by chris86 »

I have added the line
Header set Access-Control-Allow-Origin "*"
to the config file /etc/apache2/conf.d/otrs.conf
after reading this http://bugs.otrs.org/show_bug.cgi?id=9071

    <Location /otrs/nph-genericinterface.pl>
        Header set Access-Control-Allow-Origin "*"
        PerlOptions -ParseHeaders
    </Location>
But the header is not added in the web service response.
I have restarted the Apache web server.

What is wrong?
cetama
Znuny newbie
Posts: 3
Joined: 01 Oct 2014, 15:11
Znuny Version: 3.2.2

Re: Modify the Access-Control-Allow-Origin header?

Post by cetama »

Any update on this? I have the same issue here!

Thanks,
cetama
little51
Znuny newbie
Posts: 2
Joined: 30 Jul 2014, 12:45
Znuny Version: otrs3.3.1

Re: Modify the Access-Control-Allow-Origin header?

Post by little51 »

Modify /etc/httpd/conf/httpd.conf and add the proxy config at the end of the file:

    # Web service URL changes from http://serverip/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnector to http://serverip/otrs/Webservice
    <LocationMatch "/otrs/Webservice">
      ProxyPass http://localhost/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnector
      Header always set Access-Control-Allow-Origin "*"
      Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
      Header always set Access-Control-Max-Age "1000"
      Header always set Access-Control-Allow-Headers "Content-Type,x-requested-with,Access-Control-Allow-Headers"
      RewriteEngine On
      # Return 200 to OPTIONS requests
      RewriteCond %{REQUEST_METHOD} OPTIONS
      RewriteRule ^(.*)$ $1 [R=200,L]
    </LocationMatch>
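
The browser-side check behind the Chrome error in the first post and the headers set in the last post, as an added example that is not part of any post in this thread: a simplified Python model of the CORS decision, using the origin and header values quoted above. The function names and the `SOAP_REQ` request header are assumptions.

```python
# Added illustration (not from the thread): simplified model of the browser's CORS check.
# Wildcards in Allow-Methods/Allow-Headers are not modelled; all names are hypothetical.
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language"}
SAFE_CTYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

def _get(headers, name):
    return {k.lower(): v for k, v in headers.items()}.get(name, "")
def _tokens(value):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def unsafe_headers(req_headers):
    """Lowercased request header names that make the browser send a preflight."""
    out = {n.lower() for n in req_headers} - SAFE_HEADERS
    ctype = _get(req_headers, "content-type").split(";")[0].strip().lower()
    if ctype in SAFE_CTYPES:
        out.discard("content-type")
    return out

def origin_allowed(origin, headers, credentialed):
    acao = _get(headers, "access-control-allow-origin")
    # "*" is honoured only when the request carries no cookies or HTTP auth
    return (acao == "*" and not credentialed) or acao == origin

def browser_verdict(origin, method, req_headers, preflight, response, credentialed=False):
    """preflight and response are (status, headers) pairs as sent by the server."""
    m, extra = method.upper(), unsafe_headers(req_headers)
    if m not in SAFE_METHODS or extra:  # the browser sends OPTIONS first
        status, ph = preflight
        if not 200 <= status < 300:
            return "blocked: preflight status"
        if not origin_allowed(origin, ph, credentialed):
            return "blocked: preflight origin"
        if m not in SAFE_METHODS and m.lower() not in _tokens(_get(ph, "access-control-allow-methods")):
            return "blocked: method"
        if not extra <= _tokens(_get(ph, "access-control-allow-headers")):
            return "blocked: request header"
    if not origin_allowed(origin, response[1], credentialed):
        return "blocked: response origin"
    return "allowed"

ORIGIN = "http://localhost:55627"  # origin from the Chrome error in the first post
PROXY_HEADERS = {  # values set by the LocationMatch block in the last post
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "POST,GET,OPTIONS,DELETE,PUT",
    "Access-Control-Allow-Headers": "Content-Type,x-requested-with,Access-Control-Allow-Headers"}
SOAP_REQ = {"Content-Type": "text/xml; charset=utf-8"}  # assumed request header
if __name__ == "__main__":
    print(browser_verdict(ORIGIN, "POST", SOAP_REQ, (200, PROXY_HEADERS), (200, PROXY_HEADERS)))
```

A 200 response that lacks Access-Control-Allow-Origin is still withheld from the calling script, and the wildcard stops matching once the request is credentialed, where the header has to name the calling origin instead.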