1

I am using RestyGWT to communicate with remote service on JBoss AS7 but getting following error:

OPTIONS http://localhost:8080/remoteService No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8888' is therefore not allowed access. 
VM482:81
XMLHttpRequest cannot load http://localhost:8080/remoteService No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8888' is therefore not allowed access.

I have enabled following headers and access control via @OPTIONS in back-end server as:

"Access-Control-Allow-Origin", "*"
"Access-Control-Allow-Methods", "POST, GET, UPDATE, DELETE, OPTIONS"
"Access-Control-Allow-Headers", "content-type,x-http-method-override"

My Client Interface to communicate with the server is as:

@Path("/remoteService")
public interface MonitorMeService extends RestService {
    @Path(value="/getBooks")
    @GET
    @Consumes(MediaType.APPLICATION_JSON)
        void getBooks(MethodCallback<List<Books>> callback);
}

Can anyone please tell what i am missing? What CORS handling i am missing?

slfan
  • 8,950
  • 115
  • 65
  • 78
Mustansar Saeed
  • 2,730
  • 2
  • 22
  • 46

2 Answers2

1

I was using CORS successfully with RestyGWT until I hit a wall trying to get session cookies to work properly. I use Play framework on the server and the browser was not cooperating with the set-cookie header response to CORS moderated interactions.

I found out that I could completely dispense with all the CORS directives (and also no longer require the use of JSONP) by moving to a simple reverse proxy setup on the server.

This made everything simpler and the cookies work properly now.

If you are interested in more details, please respond to this - I'll be happy to post more details. thanks. JR

Joel
  • 572
  • 5
  • 18
0

Apart from the OPTION, you have to set the Access-Control-Allow-Origin header also for other methods: POST, GET, etc

[EDIT]

I've never used restyGwt, so I dont know how to configure restyGwt servlets to set headers, but I use this filter I wrote sometime ago when I want to configure CORS in my server container. It works for any server servlet (RPC, RF, JSON, etc). I suggest to use this filter instead of dealing with headers in your app.

Manolo Carrasco Moñino
  • 9,723
  • 1
  • 22
  • 27
  • I have set "Access-Control-Allow-Origin", "*" "Access-Control-Allow-Methods", "POST, GET, UPDATE, DELETE, OPTIONS" "Access-Control-Allow-Headers", "content-type,x-http-method-override", but still getting the same error. – Mustansar Saeed Nov 25 '13 at 04:44
  • For not OPTIONS methods, it is enough with the `Access-Control-Allow-Origin` header. Edited my response to suggest a filter. – Manolo Carrasco Moñino Nov 25 '13 at 06:48