1

I have a request handler set up like this:

httpServer.addRequestHandler("^/send-contact-message", "./rest-extensions/contact-messages.js", "sendContactMessage");

I have CORS set up like this:

<cors enabled="true">
    <domain name="imagesreimagined.com" methods="post"/>
</cors>

My server is set up with Secure Connections (HTTPS) set to Accept only HTTPS from remote & allow HTTP and HTTPS from localhost. If I send a request from a form with action="https://imagesreimagined.store/send-contact-message", I get an error in the browser stating:

XMLHttpRequest cannot load https://imagesreimagined.store/send-contact-message. Origin http://imagesreimagined.com is not allowed by Access-Control-Allow-Origin.

If I set my server’s Secure Connections (HTTPS) to Accept both HTTP and HTTPS connections and change the form action to http, it works. However, I need all remote connections to be https.

I also tried CORS with the 443 port and got the same error.

<cors enabled="true">
    <domain name="imagesreimagined.com:443” methods="post"/>
</cors>

The server calling the Wakanda Server is not SSL, if that makes a difference.

Jeff G
  • 1,996
  • 1
  • 13
  • 22
  • 1
    Your url is `https://imagesreimagined.store`, why add `imagesreimagined.com` in CORS and not `imagesreimagined.store` ? – Yann Aug 02 '17 at 06:23
  • @Yann `imagesreimagined.store` is the domain of the server running Wakanda Server. `imagesreimagined.com` is the domain of a non-Wakanda website that is accessing the Wakanda server. – Jeff G Aug 02 '17 at 18:04
  • Did you precise `
    ` ? `get` is the default value for a form. You can also try to add `POST;GET` in your CORS settings.
     – Yann Aug 03 '17 at 06:59
  • @Yann Yes. `method="post"`. – Jeff G Aug 03 '17 at 15:11
  • This is amazing. I logged into SO this morning to ask this very same question. My setup is very similar. – Chris Curnow Aug 29 '17 at 00:27

2 Answers2

1

Once I removed the port number from the cors domain name and added SSL to the server that hosts the website posting to the Wakanda Server, it worked.

Jeff G
  • 1,996
  • 1
  • 13
  • 22
0

I guess this is not an answer but rather adding more to the question in the hope it helps.

This is amazing. I logged into SO this morning intending to ask this very same question. My setup is very slightly different.

I have my Wakanda server set to accept only SSL connections and set to Accept only HTTPS from remote & allow HTTP and HTTPS from localhost. The Wakanda server is published on port 8443.

On the same machine I have an Apache server running on port 80 that publishes my Angular 2 app.

I spent several hours trying to get CORS to work with no success. I haven't tried running the Angular app on SSL yet, but that sounds like it would be worth a try.

=====================

After further investigation, I found the problem.

Don't include the protocol in the CORS definition.

ie:

Instead of 

<domain name="http://app.example.com" methods="post;get;put;delete"/>

It should be:

<domain name="app.example.com" methods="post;get;put;delete"/>

Pretty obvious really but I didn't see it for a long time.

Chris Curnow
  • 643
  • 5
  • 15