I have got the following ajax request in Framework7 in order to get back json data in FW/1 (4.2) (Lucee 5.2.9), but unfortunately i get error due to CORS policy via Chrome browser.
app.request({
url:"http://127.0.0.1:49820/index.cfm/user/login/",
type:"POST",
data:JSON.stringify({
"username":username,
"password":password
}),
crossDomain: true,
xhrFields: { withCredentials: false },
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods':'GET,HEAD,OPTIONS,POST,PUT',
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, Authorization',
'Content-type': 'text/javascript; charset=utf-8',
},
dataType:"jsonp",
success:function(result){
console.log(result);
}
});
In my Fw/1 Application.cfc, i have got the following settings:
variables.framework = {
preflightOptions = true,
generateSES = true,
routes= [
{ "$POST/user/login/" = "/main/get" }
]
};
and in my main Controller get action i get json via
rc.user_info = variables.userService.login(rc.dsn,rc.username,rc.password);
variables.fw.renderData( "json", rc.user_info);
Unfortunately i receive the following message
Access to XMLHttpRequest at 'http://127.0.0.1:49820/index.cfm/user/login/' from origin 'http://localhost' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
Regarding request-header information, i receive the following and as far as i can see parameters are also passed:
Any idea that could help me?
Regards
What version of FW/1 are you using? I assume the latest?
I know nothing about how Framework7's ajax features work, but I would try setting preflightOptions = true
, if you haven't already, in your FW/1 framework settings in Application.cfc
and see if that remedies your issue.
Check out the OPTIONS Support
section of http://framework-one.github.io/documentation/4.3/developing-applications/#options-support
UPDATE
Since preFlightOptions
is being used...
My next suggestion is to set your allowed headers in the FW/1's framework settings. You can do this by defining optionsAccessControl.headers = "your, headers, here"
. This is all mentioned in the link I already shared.
You can define the optionsAccessControl
struct as a whole if you'd like and set the other keys as well.
optionsAccessControl = {
origin: "",
headers: "",
credentials: true/false,
maxAge: 12345
}
UPDATE 2
This same issue was cross-posted to the FW/1 GitHub Repository so for transparency, I wanted to share the solution here for anyone who may come across this...
In Application.cfc
, include the following framework settings:
generateSES = true,
SESOmitIndex = true,
preflightOptions = true,
optionsAccessControl = {
origin: "*",
headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin"
}
In the controller method pass the origin header with the response:
variables.fw.renderData( "json", rc.user_info).header( "Access-Control-Allow-Origin", "*" );
Note: For security reasons, it's best practice to not allow "*" and instead only allow the domain that is calling/responding. (Example: http://127.0.0.1:12345)