I am trying to make REST request on Wildfly server. First I must login to old application and to get cookie. That cookie must be used in newer application which makes REST requests. New application is some template from real existing one. I have tried some options in header of REST request like setting properties withCredentials, Access-Control-Allow-Credentials, token, crossDomain as shown in function getAllEntities bellow.
REST requests where tested and they worked fine with RestClient on Firefox browser as shown bellow.
I do not know how to:
insert cookie which I get from previous application
remove token (it seems this is impossible)
solve these two errors which are written in title
This is how does request look like in RestClient:
Method: GET
URL: https://xx.xx.xx.xx:8443/api/codes
Content-Type: application/json
Accept: application/json
Cookie: code_system_frontend=bvkkvbcp24igdgja4h5hht13p4; code=ae8be9267e8dfea86a8f54f6bd980733
This is how response look like in RestClient:
Status Code: 200 OK
Access-Control-Allow-Headers: Content-Type, Content-Disposition, Accept, responseType, X-MAC, X-TIME, Cookie
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Disposition, Accept
Connection: keep-alive
Content-Type: application/json
Date: Tue, 26 Jul 2016 15:22:00 GMT
Server: WildFly/9
Transfer-Encoding: chunked
access-control-allow-credentials: true
x-powered-by: Undertow/1
and typical JSON response body:
[
{
"code": 1,
"codename": "Demo"
},
{
"code": 2,
"codename": "Gmx"
}
//AND SO ON
]
This is code in Angularjs:
function getAllEntities(entityName, addToCache) {
config = {
headers: {
'cookie':'code_system_frontend=bvkkvbcp24igdgja4h5hht13p4;code=ae8be9267e8dfea86a8f54f6bd980733',
'Content-Type': 'application/json',
'Accept': 'application/json',
'withCredentials':'true',
//'Access-Control-Allow-Credentials': 'true',
//'X-API-TOKEN': undefined,
//'token':undefined,
//crossDomain: true
},
data: ''
};
return $http.get(endPoints.api + entityName, config)
.then(getAllEntitiesComplete)
.catch(function (message) {
exception.catcher('XHR Failed for getAllEntities for entity ' + entityName)(message);
return $q.reject(message);
logger.info('Message ' + message);
});
function getAllEntitiesComplete(data, status, headers, config) {
var entities = data.data;
if (addToCache) {
service.cachedLookups[entityName] = entities;
service[entityName + 's'] = entities;
}
return entities;
}
}
In Firebug I get:
Request Header in Firebug:
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Content-Type: application/json
Host: XX.XX.XX.XX:8443
Origin http://admin.dev.xxxxxxxx.xxx
Referer http://admin.dev.xxxxxxxx.xxx/xx/codes
User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
token fake token for anonymous user
withCredentials true
And I also get warning in Firebug:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://xx.xx.xx.xx:8443/xxxxxxxx/api/code. (Reason:
CORS header 'Access-Control-Allow-Origin' does not match '*').
And I get this error because of my code:
Error: XHR Failed for getAllEntities for entity suborder Object { status=0, config={...}, data=null, more...}
In Crome I get:
Refused to set unsafe header "cookie"
and
net::ERR_INSECURE_RESPONSE
