Errors for OPTIONS request from Firefox


Our application (JavaScript) accesses the Content Server REST API using HTTPS. The CS is behind the firewall, we set up the OTAG as a proxy server. The application has no problem accessing CS directly, but it fails to use the proxy in Firefox. There are no errors/warnings in the OTAG log, nor in the CS/IIS log. By tracing the browser response/request, we found that a 500 error occurred when the OTAG was handling the response from the CS for an OPTIONS request. Below is the content of the error:

Apache Tomcat/7.0.41 - Error report

HTTP Status 500 -

type: Exception report
message:
description: The server encountered an internal error that prevented it from fulfilling this request.
exception:

java.lang.NullPointerException
    net.sf.j2ep.responsehandlers.OptionsResponseHandler.process(OptionsResponseHandler.java:69)
    net.sf.j2ep.ProxyFilter.rewrite(ProxyFilter.java:142)
    net.sf.j2ep.ProxyFilter.doFilter(ProxyFilter.java:122)
    net.sf.j2ep.RewriteFilter.doFilter(RewriteFilter.java:86)
    com.opentext.otag.rest.apps.AppFilter.doFilter(AppFilter.java:85)

note: The full stack trace of the root cause is available in the Apache Tomcat/7.0.41 logs.

Apache Tomcat/7.0.41

Below is the response from the CS, if I point the application directly to CS without OTAG.

Response Headers

Access-Control-Allow-Head...    OTCSTicket, OTDSTicket, MYSAPSSO2, Authorization, Content-Type, Content-Length
Access-Control-Allow-Meth...    GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Orig...    https://mhopentext-c7e3b4f5772a50.sharepoint.com
Access-Control-Expose-Hea...    OTCSTicket, Content-Type
Access-Control-Max-Age  86400
Cache-Control   no-cache, no-store, must-revalidate, max-age=0
Content-Encoding    gzip
Content-Length  119
Content-Type    application/json; charset=UTF-8
Date    Fri, 10 Jan 2014 20:09:08 GMT
Expires 0
Pragma  no-cache
Server  Microsoft-IIS/7.5
Vary    Accept-Encoding
X-Powered-By    ASP.NET

Request Headers

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en,de;q=0.7,en-us;q=0.3
Access-Control-Request-He...    otcsticket
Access-Control-Request-Me...    GET
Connection  keep-alive
Host    mh-cs10
Origin  https://mhopentext-c7e3b4f5772a50.sharepoint.com
User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0

Response Content


Any idea?

Comments

  • Thanks for including all that logging!

    The exception is thrown because j2ep assumes that there will be an allow header in the response. I have logged a bug for us to fix that in our code.

    As a workaround, is it possible for you to configure IIS to include an allow header in the response? Alternatively, can the API be used without the OPTIONS call?

  • Just tried to add the Allow header in the response, everything seems to be working. Thanks!

  • Ferdinand Prantl E Community Moderator

    The OPTIONS request is issued by the web browser before the actual GET or other request in case of cross-origin AJAX. This security feature is called preflighting.

    It's not possible to avoid the OPTIONS request in this scenario. The HTML page from website1 is connecting to the REST API at the website2 - cross-origin - and the authentication is done by a custom header. Just these two characteristics qualify the AJAX call for preflighting.

    The Allow header is not a mandatory header for the preflighting response and the OTAG proxy should pass such response to the browser. It's good that there is an easy workaround for now, thanks!
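
The preflight check discussed in this thread, as an added example that is not part of the original posts or of OpenText's code: a simplified JavaScript model of how a browser decides whether a cross-origin call is preflighted and whether the OPTIONS response lets it proceed. The function names are hypothetical, and the sample headers are constructed from the capture in the question, with the standard CORS header names written in full.

```javascript
// Added example: simplified model of the browser's CORS preflight decision.
// Safelisted request header names (value restrictions omitted for brevity).
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);

// Split a comma-separated header value into lowercase tokens.
const tokens = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
// Lowercase header names so lookups are case-insensitive.
const lower = (h) => Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v]));

// A cross-origin request is preflighted when it uses a non-safelisted method
// or carries any non-safelisted header (here: the custom OTCSTicket header).
function needsPreflight(method, headerNames) {
  return !SAFE_METHODS.has(method.toUpperCase()) ||
    headerNames.some((n) => !SAFE_HEADERS.has(n.toLowerCase()));
}

// Decide whether the OPTIONS response permits the actual request.
// Only the status and Access-Control-* headers matter; Allow is never read.
function checkPreflight(req, status, responseHeaders) {
  const h = lower(responseHeaders);
  if (status < 200 || status > 299) return { ok: false, reason: `status ${status}` };
  const origin = h['access-control-allow-origin'];
  if (origin !== '*' && origin !== req.origin) return { ok: false, reason: 'origin not allowed' };
  const methods = tokens(h['access-control-allow-methods']);
  const m = req.method.toUpperCase();
  if (!SAFE_METHODS.has(m) && !methods.includes(m.toLowerCase()) && !methods.includes('*'))
    return { ok: false, reason: 'method not allowed' };
  const allowed = tokens(h['access-control-allow-headers']);
  const missing = req.headers.map((n) => n.toLowerCase())
    .filter((n) => !SAFE_HEADERS.has(n) && !allowed.includes(n) && !allowed.includes('*'));
  return missing.length
    ? { ok: false, reason: `header not allowed: ${missing.join(', ')}` }
    : { ok: true, reason: 'preflight passed' };
}

// Constructed sample, based on the request/response capture in the question.
const SAMPLE_REQUEST = { origin: 'https://mhopentext-c7e3b4f5772a50.sharepoint.com', method: 'GET', headers: ['otcsticket'] };
const CS_RESPONSE_HEADERS = {
  'Access-Control-Allow-Headers': 'OTCSTicket, OTDSTicket, MYSAPSSO2, Authorization, Content-Type, Content-Length',
  'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
  'Access-Control-Allow-Origin': 'https://mhopentext-c7e3b4f5772a50.sharepoint.com',
  'Access-Control-Max-Age': '86400',
};
console.log(checkPreflight(SAMPLE_REQUEST, 200, CS_RESPONSE_HEADERS)); // direct CS response
console.log(checkPreflight(SAMPLE_REQUEST, 500, {}));                  // proxy error page
```

The direct Content Server response passes without any Allow header, while the proxy's 500 fails the preflight before the real GET is ever sent.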