Cross domain authentication

Herbert van Til

Hi
When trying to authenticate in my app via a browser comming from another domain i get this errror.

XMLHttpRequest cannot load http://moss-strs.eim.net:8080/gateway/v1/auth. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://moss-strs:8080' is therefore not allowed access. (index):1

I tried to add a crossdomain.xml :

<?xml version="1.0" ?>
 <cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

Does anyone know how to solve this?

John_Wilkinson1

Can you deploy your app in AppWorks instead? That is the recommended pattern.

Also, if you deploy an app with a web.zip containing your html, your app will appear in the webaccess app launcher and you won't have to make an auth call at all.

Herbert van Til

Hi John, thanks for your answer, yes we know, then everything is handled serverside. But in the App we also have a problem that the app does not respond. The mobile device is connected to a VM via wifi using the IP address. So we tried to reproduce that from the browser so we can see the logging in the browser.
Is there a way to log what happens in the gateway when we use the app?

Benjamin_Chilibeck

Try running your browser with web security disabled. This is an easy way to force your browser to turn off the cross-domain restrictions for some one off dev testing.

Ferdinand Prantl

As Benjamin says, you can disable the CORS check in IE advanced options. I'm not sure about the other browsers, maybe they have something similar too.

If you want to access the APIs at http://moss-strs.eim.net:8080/ by AJAX in general, you can include the CorsFilter in the web.xml of your web application and allow the origin of your web page there. You would need Tomcat 7.0.42 or newer.

The crossdomain.xml file is for Flash and Silverlight; not for the XMLHttpRequest object.