How to make CORS origin call request from rally sdk (custom html code)?

Question

I'm developing a custom html dashboard using the rally sdk and I want to populate one of the field data from a CORS origin request call.

Can you please provide some examples/links how to make CORS call using rally sdk custom html code?

I tried via ajax call it gives me 403 exception.

var usChangeSets = story.getCollection('Changesets');
            console.log('usChangeSets--',usChangeSets);         
            usChangeSets.load({
                fetch : ['Author', 'Message', 'Uri'],
                callback: function(records, operation, success){
                    Ext.Array.each(records, function(changeset){                                           
                       //Ajax api call to get details from external link
                        var blink ="https://[sonarqube]/job/Appdev/job/TestProject/api/json";                       
                         Ext.Ajax.request({
                                url: blink, 
                                method :'GET',
                                crossDomain: true,
                                withCredentials: true,  
                                headers : { 
                                    'Authorization': 'Basic dsasfsfxfhfj',
                                     'Content-Type': 'application/json;charset=UTF-8',
                                     'Access-Control-Allow-Origin' : '*'
                                },
                                success: function(response){
                                    var backToJs=JSON.parse(response.responseText);
                                        console.log('resp data-',backToJs);
                                        //console.log(backToJs['QueryResult'].Results);

                                },
                                failure: function(response) {
                                    console.log('ajax call failure');
                                }
                            });                                
                        }
            }
}

Answer 1

You need to configure your external server to allow CORS requests. The browser will automatically add the origin header to your request and then your server should respond with the appropriate cors headers (Access-Control-Allow-Origin).

Here's an example of how the rally server responds to a request from a different origin:

% http https://rally1.rallydev.com/slm/webservice/v2.0/testcaseresult/54277371431 zsessionid:_5507Kn8 origin:localhost -v
GET /slm/webservice/v2.0/testcaseresult/54277371431 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: rally1.rallydev.com
User-Agent: HTTPie/0.9.9
origin: localhost
zsessionid: _55GAn8



HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: localhost
Access-Control-Expose-Headers:
CF-RAY: 38cbe03c4dd45005-DEN
Cache-Control: private,max-age=0,must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 623
Content-Type: application/json;  charset=utf-8
Date: Fri, 11 Aug 2017 14:27:29 GMT
ETag: "0b0e0cdae135fc6cd32fa496d7660c756"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
RallyRequestID: qs-app-103xz471u80pea8opfovz9g8gv.qs-app-1014978663
Server: cloudflare-nginx
Set-Cookie: __cfduid=d604a6a0fa131613b997640ead95cc5171502461649; expires=Sat, 11-Aug-18 14:27:29 GMT; path=/; domain=.rallydev.com; HttpOnly
Set-Cookie: JSESSIONID=qs-a0;Path=/;Secure;HttpOnly
Set-Cookie: SUBBUCKETID=209;Path=/;Domain=rally1.rallydev.com;Secure;HttpOnly
Set-Cookie: SUBSCRIPTIONID=209;Path=/;Domain=rally1.rallydev.com;Secure;HttpOnly
Set-Cookie: SERVERID=319fca23748f5704e88bd8741ae60476b188cf5e; path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block