Support > Wagby Developer Network(R7) > REST API usage guide > Correspondence to CORS
ja | en

I will explain the procedure for making REST API correspond to CORS.

Cross-Origin Resource Sharing (CORS) is a mechanism that a Web browser acquires data from a server other than HTML reading.

Although the user's Web browser uses a certain Web application, there are cases where you want to acquire data with Ajax from the Wagby application (provided by REST API).At this time, it is necessary to make Wagby application correspond to CORS.

Figure 1 Image of CORS

Technical Details

CORS is a mechanism that returns the HTTP header of how the server providing the REST API (eg http: // localhost: 8921) handles calls from different domains.For details, please see the following.

Running browser

IE 10 or above, Google Chrome, Firefox etc. correspond.For details, please see the following URL.

IE 9 is Partially supported, but it does not correspond because it does not correspond to cookie handling by designation with with Credentials.

Setting for browser

Please allow 3rd party cookies.

IE 11
http://windows.microsoft.com/ja-jp/internet-explorer/delete-manage-cookies#ie=ie-11
IE 10
Set "A: Origin" as the local intranet (in Figure 1) on the Internet Options Security tab.
Google Chrome
https://support.google.com/chrome/answer/95647?hl=ja
Firefox
http://support.mozilla.org/ja/kb/disable-third-party-cookies

If proper setting is not done, JavaScript error will not occur and it will not work.

Tomcat 7 that Wagby ships with as standard includes "CORS filter" to enable CORS.
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

Edit the web.xml in the webapps/application/WEB-INF folder of the Wagby application and enable the corresponding filter.Then restart Tomcat.

 <filter>
   <filter-name>CorsFilter</filter-name>
   <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
   <init-param>
     <param-name>cors.allowed.origins</param-name>
     <param-value>*</param-value>
   </init-param>
   <init-param>
     <param-name>cors.allowed.methods</param-name>
     <param-value>GET, POST, HEAD, OPTIONS, PUT, DELETE</param-value>
   </init-param>
   <init-param>
     <param-name>cors.allowed.headers</param-name>
     <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
   </init-param>
   <init-param>
     <param-name>cors.exposed.headers</param-name>
     <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
   </init-param>
   <init-param>
     <param-name>cors.support.credentials</param-name>
     <param-value>true</param-value>
   </init-param>
   <init-param>
     <param-name>cors.preflight.maxage</param-name>
     <param-value>10</param-value>
   </init-param>
   <init-param>
     <param-name>cors.supportedHeaders</param-name>
     <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
   </init-param>
 </filter>
 <filter-mapping>
   <filter-name>CorsFilter</filter-name>
   <url-pattern>*</url-pattern>
 </filter-mapping>
cors.allowed.origins
Specify the originating calling server (Origins).Although it is * in the above setting, this means accepting inquiries from all servers.
From a security point of view, we recommend setting only servers that are actually used.
Example:
http://127.0.0.1:8921
http://www.jasminesoft.co.jp
When describing multiple domains, list them with ",".
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter/Initialisation_parameters
cors.allowed.methods
Specify the HTTP method to allow access.Wagby's REST API uses not only GET POST but also PUT and DELETE.
cors.support.credentials
Set whether to use cookies and authentication by access using CORS.Since Wagby's REST API uses cookies, specify true.

Create Ajax-ready code with JavaScript code.Prepare an XMLHttpRequest object.

httpObj = new XMLHttpRequest();

For this object, specify to use cookies.

httpObj.withCredentials = true;

After that, we will communicate.

HttpObj.send (/ * parameter * /);
I will skip on how to write concrete Ajax code.