Ensign
Ensign
426 views

Form Builder, IG Rest API and CORS policy

Hi,

I am working with the IG Rest API to start reviews from a workflow, and I can do that just fine using the REST activities of the workflow, where I am able to both obtain an OAuth token from my sign-on handler and communicate data to the IG Rest API. 

My issue is, that I would like to make these requests (and others) before the form is submitted, i.e. from the form itself, but whenever I attempt to send requests from the forms I run into a CORS policy block. 

Attempting to get the OAuth token:

"Access to XMLHttpRequest at 'https://<server>:8543/osp/a/idm/auth/oauth2/token' from origin 'https://<server>:8600' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

Attempting to reach the IG Rest API:

"Access to XMLHttpRequest at 'https://<server>:8543/api/review/reviewingTargets' from origin 'https://<server>:8600' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

I believe that these endpoints must allow traffic from the Form Builder origin, but is this at all possible to configure? Is there perhaps another way to make service calls which circumvents this issue?

I'd appreciate any input. Thank you for your time.

Labels (1)
2 Replies
Vice Admiral
Vice Admiral

The way I solved this problem in the legacy forms (and no reason to think it would not work under forms.io) was to build a "reflector" and put it on the Tomcat server where the UA was running. Then all my calls origin was the same as the hosting server.



https://community.microfocus.com/t5/Identity-Manager-Tips/Querying-a-Connected-System-from-a-Workflow-Form/ta-p/1776902




Ensign
Ensign

Thanks for the suggestion.

Yes, I can see this working and while it is not the solution I was hoping for, it might be the simplest one for the moment. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.