CORS for LiveCycle

On one project we moved from Flex based frontend to Angular HTML5 based.

Static content is stored in CRX instance on URL like http://appserver:4502/content/app
while LiveCycle is called in form of REST points on URL like: http://appserver:8080/rest/xxxx

Problem we faced was CORS error:

No 'Access-Control-Allow-Origin' header is present on the requested resource

and after some tweaking we got:

The value of the 'Access-Control-Allow-Origin' header in the response must not
be the wildcard '*' when the request's credentials mode is 'include'. Origin 'xxxx' 
is therefore not allowed access. The credentials mode of requests initiated by
the XMLHttpRequest is controlled by the withCredentials attribute.

As LiveCycle ES3 that was used in this case did not support for CORS headers we created simple JBOSS Valve:

package cz.inited.livecycle.cors;


import javax.servlet.ServletException;
import org.apache.catalina.valves.ValveBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;

public class CORSFilter extends ValveBase {

    public void invoke(Request request, Response response) throws IOException, ServletException {
        String acceptHeader = request.getHeader("Accept");
        if ((acceptHeader != null) && ((acceptHeader.indexOf("application/json") >= 0)
            || (acceptHeader.indexOf("application/xml") >= 0))) {
            String originHeader = request.getHeader("Origin");
            response.addHeader("Access-Control-Allow-Origin", originHeader);
        getNext().invoke(request, response);

Compiled jar is jar here available for download.

This Eclipse project with just one java files was sufficient. Also there we two dependency jars needed: jbossweb.jar and servlet-api.jar . We took them from LiveCycle installation.

After we built the jar file with class above, we installed it:
1. put jar into /jboss/server/lc_turnkey/deploy/jbossweb.sar folder
2. add following line into server.xml file in the same folder:

<Host name="localhost">
    <Valve className="cz.inited.livecycle.cors.CORSFilter" />

and restart your server. Worked like a charm!
Probably in AEM this will be no longer needed.

Není-li uvedeno jinak, obsah této stránky je pod licencí Creative Commons Attribution-ShareAlike 3.0 License