alfresco enable cross origin resource sharing

hdalang
Champ in-the-making
I tried to use this form to communicate with alfresco but it's not working and it gave me the following error:

XMLHttpRequest cannot load http://localhost:8085/alfresco/service/hello. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 500


I have done this code for testing.
hello.post.html.ftl

Hello ${args.name}


hello.get.desc.xml

<webscript>
  <shortname>Hello</shortname>
  <description>Polite greeting</description>
  <url>/hello?name={nameArgument}</url>
  <authentication>none</authentication>
</webscript>


form.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="view.css" media="all">
<script type="text/javascript" src="view.js"></script>
<script type="text/javascript" src="calendar.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.js"></script>
    <script src="http://malsup.github.com/jquery.form.js"></script>
        <script type="text/javascript">
        $(document).ready(function() {
                $('form').submit(function(evt) {
                        // get the data typed into the input field
                        var name = $(this).find('#name').val();

                        // submit a new `post` request
                        $.post('http://localhost:8085/alfresco/service/hello', name);
                        //      ^ indicates the url          ^ data you want to send

                        // prevent the form from submitting the 'normal' way
                        evt.preventDefault();
                        }
        )});                  
        </script>

        </head>
<body id="main_body" >
      
        <img id="top" src="top.png" alt="">
        <div id="form_container">
      
                <h1><a>Registration Form</a></h1>
                <form id="form_972911" class="appnitro"  method="post" action="">
                                        <div class="form_description">
                        <h2>Registration Form</h2>
                        <p>This is your form description. Click here to edit.</p>
                </div>                                        
                        <ul >
                      
                <li id="li_1" >
                <label class="description" for="element_1">Name</label>
                <div>
                        <input id="name" name="element_1" class="element text medium" type="text" maxlength="255" value=""/>
                </div>
                </li>         
                      
                                        <li class="buttons">
                            <input type="hidden" name="form_id" value="972911" />
                          
                                <input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" />
                </li>

                <img id="bottom" src="bottom.png" alt="">

        </body>
</html>


I think there is something called cross-origin resource sharing, but I don't know what that means. And how do I solve it?
3 REPLIES

mrogers
Star Contributor
The problem is that pulling in resources from multiple web servers is a common way to inject malware into a web page, a so-called XSS attack. So Alfresco has turned on web page options to prevent you being able to load resources from external sources.

I see you are trying to load
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.js"></script>
<script src="http://malsup.github.com/jquery.form.js"></script>

You need to load those resources from alfresco or via Share's proxy.

Would enabling the CORS filter in the web.xml and setting

      <init-param>
         <param-name>cors.allowOrigin</param-name>
         <param-value>*</param-value>
      </init-param>

not work in his case?

I have a similar issue, but it's a bit weirder in my case. Some Alfresco API urls allow cross-domain access, some don't. My recent issue on StackOverflow (see especially "Update 2"):
http://stackoverflow.com/questions/31981648/angularjs-alfresco-cors-filter-issue-no-access-control-a...

golla77
Champ in-the-making
Hi All,

I am trying to upload a document using the Alfresco REST service (http://localhost:9090/alfresco/service/api/upload) with an Ajax script. The file is successfully uploaded into Alfresco, but I am getting the error below, with no response header. We are expecting the status and nodeRef in the response, but the response is empty. I need help with how to solve this.

Error:

XMLHttpRequest cannot load http://amxbpmdnsname:9090/alfresco/service/api/upload. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8888'' is therefore not allowed access.

===========================

Ajax script:

$.support.cors = true;
$.ajax({
   type: "POST",
   url: "http://localhost:9090/alfresco/service/api/upload",
   data: data,
   headers: {Authorization: make_base_auth('xxx', 'xxxxx')},
   contentType: false,
   processData: false,
   success: uploadSuccess,
   error: UploadError,
   //complete: completProcess
});

===========================

web.xml


<filter-mapping>
      <filter-name>CORS</filter-name>
      <!-- <url-pattern>/*</url-pattern> -->
      <url-pattern>/api/*</url-pattern>
      <url-pattern>/service/*</url-pattern>
      <url-pattern>/s/*</url-pattern>
      <url-pattern>/cmisbrowser/*</url-pattern>
   </filter-mapping>


===============

<filter>
      <filter-name>CORS</filter-name>
      <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
      <init-param>
         <param-name>cors.allowGenericHttpRequests</param-name>
         <param-value>true</param-value>
      </init-param>
      <init-param>
         <param-name>cors.allowOrigin</param-name>
   
         <!-- <param-value>http://localhost:8888</param-value> -->
    
        <param-value>*</param-value>
      </init-param>
      <init-param>
         <param-name>cors.allowSubdomains</param-name>
         <param-value>true</param-value>
      </init-param>
      <init-param>
         <param-name>cors.supportedMethods</param-name>
         <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
      </init-param>
      <init-param>
         <param-name>cors.supportedHeaders</param-name>
         <param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value>
      </init-param>
      <!-- <init-param>
         <param-name>cors.exposedHeaders</param-name>
         <param-value>*</param-value>
      </init-param>
      -->
      <init-param>
         <param-name>cors.supportsCredentials</param-name>
         <param-value>true</param-value>
      </init-param>
      <init-param>
         <param-name>cors.maxAge</param-name>
         <param-value>3600</param-value>
      </init-param>
   </filter>
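
Added example, not part of the original thread: a JavaScript model of the check a browser applies to a cross-origin response, plus a lint for the `cors.allowOrigin` / `cors.supportsCredentials` pair from the web.xml above. The function names `corsCheck` and `auditCorsParams` are hypothetical and the sample values are constructed; because the check runs on the response, the server has already handled the request by the time the browser refuses to expose the result to the script.

```javascript
// Added example: models the browser's CORS check on a response (Fetch standard).
// Header names are real; function names and sample values are constructed.
function corsCheck(request, responseHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v.trim();

  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { readable: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  // The wildcard is honoured only for requests sent without credentials.
  if (allowOrigin === '*' && !request.withCredentials) {
    return { readable: true, reason: 'wildcard, no credentials' };
  }
  // Otherwise the value must equal the serialized Origin exactly.
  if (allowOrigin !== request.origin) {
    return { readable: false, reason: 'origin mismatch' };
  }
  if (!request.withCredentials) {
    return { readable: true, reason: 'origin match' };
  }
  // Credentialed requests additionally need Allow-Credentials: true.
  return h['access-control-allow-credentials'] === 'true'
    ? { readable: true, reason: 'origin match with credentials' }
    : { readable: false, reason: 'credentials not allowed' };
}

// Lint for the init-params of a CORS filter such as the one in the thread.
function auditCorsParams(params) {
  const findings = [];
  const anyOrigin = (params['cors.allowOrigin'] || '').trim() === '*';
  const creds = (params['cors.supportsCredentials'] || '').trim() === 'true';
  if (anyOrigin && creds) {
    // A literal "*" is rejected by browsers for credentialed requests; a server
    // that echoes the Origin instead grants every site credentialed reads.
    findings.push('allowOrigin=* with supportsCredentials=true: list trusted origins explicitly');
  } else if (anyOrigin) {
    findings.push('allowOrigin=*: any site can read unauthenticated responses');
  }
  return findings;
}
```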