REST Driver 18.104.22.168 Publisher Query Response - Add “Access-Control-Allow-Origin” Header
We are using the REST Driver Publisher as a REST endpoint for eDirectory and expose additional resources for client applications. eDirectory and the Driver Shim are hosted on a different server than the Identity Applications. We call the exposed REST endpoint from one of our forms. This works fine from within the form builder.
If we use the form in a web browser, we get the following error: “CORS Missing Allow Origin”
To my understanding, we need to add the “Access-Control-Allow-Origin” header to the query response for this to work from within a “default” web browser. Question is, how can we implement this with the default REST Driver?
We’ve tried to modify the “driver-operation-data” with the “header” child element (as it is documented for Subscriber requests), unfortunately without any success.
Does anybody know how to “modify” the response header (and preferably without implementing a custom Java extension)? Or am I missing something else here? I would be very thankful for any idea/advice.
Many thanks and best regards,
The REST shim doesn't look for any header elements in publisher results and none of the Java extension points allow you to set headers.
Since the publisher only allows for basic auth, I don't think it would be a good fit for your use case anyway. You might have more success by using the eDirectory REST Services with OAUTH2: https://www.netiq.com/documentation/edirectory-92/edir_admin/data/t48p6bt8162j.html
Many thanks for your detailed answer!
Mhm, it is unfortunate that it is not possible to modify the header for publisher query response in the REST Driver...
The thing is, we have the requirement to check for existing objects (uniqueness) in AD from within our form. Since we do not have all objects in IDV (the customer never deletes objects and thus holds many hundred thousands of "archived" objects in AD), we use the REST Driver Publisher to inject query documents into AD Driver and return the responses via JSON Payload. Which works quite well actually.
This way, we can "query AD" from within our form in "real time" via REST call without having to implement direct LDAP queries against AD.
I am not sure if that is possible with the eDIR REST API, since it’s just a REST interface for eDirectory services.
Guess we will have to pull in all AD objects anyway…
If you don't need authentication in the REST driver, you could possibly put it behind a reverse proxy and have that inject the necessary headers.
We have an SR open for the same thing, but trying to set the Content-Type header in a response to a publisher request. So far no solution, and it might not be possible as of now.
One thing we noted was that if we send Content-Type as a header in the request, the same Content-Type is also set in the response, so that might be worth trying. It could be that it only works for Content-Type and not other headers.
Many thanks for your suggestion!
We will give it a try after the holidays (via reverse proxy and to prepopulate the headers in the original request).
I'll keep you posted on the results...
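The reverse-proxy suggestion from the thread, sketched as a configuration (an added example, not posted by any participant and not NetIQ's own configuration). The choice of nginx, the hostnames, the certificate paths, the upstream address `127.0.0.1:8180` and the `/rest/` path are all assumptions; it follows the thread's premise that the publisher endpoint is used without authentication.

```nginx
# Constructed example: every hostname, path and port below is a placeholder.

# Echo the Origin back only when it is on the allowlist; otherwise the
# variable is empty and nginx emits no Access-Control-Allow-Origin header.
map $http_origin $cors_origin {
    default                        "";
    "https://idapps.example.com"   $http_origin;   # Identity Applications host (assumed)
}

server {
    listen 443 ssl;
    server_name restdrv-proxy.example.com;
    ssl_certificate     /etc/nginx/tls/proxy.crt;
    ssl_certificate_key /etc/nginx/tls/proxy.key;

    location /rest/ {
        # Answer the CORS preflight at the proxy so it is not forwarded upstream.
        # add_header is not inherited into this block, so the headers are repeated.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin  $cors_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Content-Type" always;
            add_header Access-Control-Max-Age       600 always;
            add_header Vary                         Origin always;
            return 204;
        }

        # Drop any value the upstream might set, then inject the allowlisted one.
        proxy_hide_header Access-Control-Allow-Origin;
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;   # keep caches from reusing one origin's response

        # REST driver publisher listener (assumed address and port).
        proxy_pass http://127.0.0.1:8180;
    }
}
```

CORS headers only tell browsers which pages may read the response; who can reach the proxy listener at all still has to be restricted at the network layer, since the endpoint behind it answers without authentication.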