Layer7 Access Management

Expand all | Collapse all

These cross domain XMLHttpRequest fails to reach the actual server

Jump to Best Answer
  • 1.  These cross domain XMLHttpRequest fails to reach the actual server

    Posted 06-18-2015 05:26 AM

    There is one application  in which application deployed in http://abc.ravi.bt.com domain .

    Siteminder is being used to establish SSO for the application.
    After every 5mins when user access the application they get redirected to https://abc.xyz.com(is the cookie provider server) which is in a different domain. 
    These cross domain http requests fails to reach the actual server and error out with the following exception in the browser ? ?XMLHttpRequest cannot load https://abc.xyz.com/SmMakeCookie.ccc?SMSESSION=?%2ecom%2fcqm%2fquotes%3fcustomerID%3d170953%26salesChannel%3dBT%2bAMERICAS. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://sap.ravi.bt.com' is therefore not allowed access.? As a result every http request, send in after every 5 mins ,from our client (browser) is failing and fetching no result.
    Which is causing major problem in client side.  Application team tried adding following Header para to Request & Response Header in client & Http webserver config ? ?Access-Control-Allow-Origin: *?.
    However it?s didn?t resolve the problem however  we tried setting response attribute header as ?Access-Control-Allow-Origin? name and value as * but didn?t work.



  • 2.  Re: These cross domain XMLHttpRequest fails to reach the actual server

    Posted 06-18-2015 10:13 AM

    Ravi RaviSapare

     

    Please remove the URLs and replace them with dummy URLs. Please remove all references which connect the URLs to a particular company. This is a public forum.

     

     

    Regards

    Hubert



  • 3.  Re: These cross domain XMLHttpRequest fails to reach the actual server

    Posted 06-18-2015 10:36 AM

    Ravi RaviSapare

     

    Based on your comments above it seems like the issue tends to transpire when SessionUpdatePeriod defined in Local WebAgent kicks in and issues a redirect Cookie Provider to update the Master Cookie.

     

    There have been instances in the past wherein Applications are unable to handle 302 redirects as responses e.g.

    • Browser sends a request to Application.
    • Application handles the GET / POST request with DATA INPUTs in the request.
    • When WebAgent is present, it intercepts the request before the Application receives the request.
    • WebAgent does its own processing and issues a 302.
      • Sometimes there are race-conditions here i.e.
        • Application may forcefully override and ignore the 302.
        • WebAgent issues the 302. However when the 302 is returned back, Application is unable to handle it.

     

     

     

    In your case it seems like a fundamental thing browser is blocking because your request is Cross Domain. This is my haunch after I read a few blogs online.

     

    I would ideally start from scratch i.e. design and see what is necessary for such applications.

     

    Cross-Origin XMLHttpRequest - Google Chrome

    javascript - Cross origin requests are only supported for HTTP but it's not cross-domain - Stack Overflow

     

     

    Regards

     

    Hubert



  • 4.  Re: These cross domain XMLHttpRequest fails to reach the actual server
    Best Answer

    Posted 08-11-2015 05:31 AM

    This issue resolved by setting the following in the CookieProvider apache server.

     

    Initially in the httpd.conf file we were having the below line

     

    Header always set Access-Control-Allow-Origin "null"

     

    We replaced the above line with the following:

     

     

    <IfModule mod_headers.c>

    SetEnvIfNoCase Origin "(^https?://(.+\.abc\.com)(:\d+)?$|^null$)" AccessControlAllowOrigin=$0

       Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

    </IfModule>

     

    In order to use this, you will need to have the following module enabled

     

    LoadModule headers_module modules/mod_headers.so