Commodore
Commodore
356 views

REST Driver 1.1.2.0 Publisher Query Response - Add “Access-Control-Allow-Origin” Header

Dear Community,

we are using REST Driver Publisher as REST endpoint for eDirectory an expose additional resources for client applications. eDirectory and the Driver Shim are hosted on a different server than the Identity Applications. We call the exposed REST endpoint from one of our forms. This works fine from within the form builder.

If we use the form in a web browser, we get the following error: “CORS Missing Allow Origin”

For my understanding, we need to add the “Access-Control-Allow-Origin” header to the query response for this to work from within a “default” web browser. Question is, how can we implement this with the default REST Driver?

We’ve tried to modify the “driver-operation-data” with the “header” child element (as it is documented for Subscriber requests), unfortunately without any success.

Does anybody know how to “modify” the response header (and preferably without implementing a custom java extension)? Or am I missing something else here? I would be very thankful for any idea/advice.

Many thanks and best regards,

Philipp

0 Likes
5 Replies
Micro Focus Expert
Micro Focus Expert

Hi Phillip,

the REST shim doesn't look for any header elements in publisher results and none of the Java extension points allow you to set headers.

Since the publisher only allows for basic auth, I don't think it would be a good fit for your use case anyway. You might have more success by using the eDirectory REST Services with OAUTH2: https://www.netiq.com/documentation/edirectory-92/edir_admin/data/t48p6bt8162j.html

--
Norbert
Commodore
Commodore

Hi Norbert,

many thanks for your detailed answer!

Mhm, it is unfortunate, that it is not possible to modify the header for publisher query response in the REST Driver...

The thing is, we have the requirement to check for existing objects (uniqueness) in AD from within our form. Since we do not have all objects in IDV (the customer never deletes objects and thus holds many hundred thousands of "archived" objects in AD), we use the REST Driver Publisher to inject query documents into AD Driver and return the responses via JSON Payload. Which works quite well actually.

This way, we can "query AD" from within our form in "real time" via REST call without having to implement direct LDAP queries against AD.

I am not sure if that is possible with the eDIR REST API, since it’s just a REST interface for eDirectory services.

Guess we will have pull in all AD objects anyway…

Best regards,

Philipp

0 Likes
Micro Focus Expert
Micro Focus Expert

If you don't need authentication in the REST driver, you could possibly put it behind a reverse proxy and have that inject the necessary headers.

--
Norbert

Hi.

We have an SR open for the same thing, but trying to set the Content-Type header in a response to a publisher request. So far no solution, and it might not be possible as of now.

One thing we noted was that if we send Content-Type as a header in the request, the same Content-Type is also set in the response, so that might be worth trying. It could be that it only works for Content-Type and not other headers.

Best regards

Marcus

Commodore
Commodore

Hi Norbert, hi Marcus,
many thanks for your suggestion!
We will give it a try after the holidays (via reverse proxy and to prepopulate the headers in the original request).
I keep you posted on the results...
Best regards,
Philipp
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.