cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Aquamarine

No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hi @ptc ,

I am try get data from thingworx with HTTP POST request (JavaScript/HTML). But i am get an error like below,

 

Access to XMLHttpRequest at 'http://localhost:8080/Thingworx/Things?appKey=c0f49d05-d5a2-4d73-857e-4bc6ef7f89bf' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

I have updated "web.xml" file also enabled "Allow Request Method Switch" and "Allow Application key as URL Parameter". Still i am facing the same issue. Can i have a solution.?

 

 

Thanks.

9 REPLIES 9

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Anyone have answer for this? @tmisner 

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hello Sathishkumar,

 

Thank you for reaching out on the ThingWorx Developer Community.

 

Would it be possible to share the service code or further details on what data you are attempting to retrieve and more specifically how you are retrieving it?

 

I would also like to look at the web.xml file if you could provide it.

 

You are welcome to share these details in a private message if you would prefer.

 

Additionally, please investigate the details mentioned in CS229450 which covers the proper configuration of CORS on Tomcat with ThingWorx.

 

Regards,

Tyler Misner

ThingWorx Technical Support Engineer

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hi,

I have mentioned below my html code and web xml, Please do the needfull.

<html>
  <head>
  <meta charset="utf-8"/>
	<script>
		function httpGet()
		{
			//const theUrl = "http://192.168.0.53:8080/Thingworx/Things/test/Services/GetData?appKey=e359b63a-82b4-4a73-8f0f-6fa85bde51d0";
			const theUrl = "http://localhost:8080/Thingworx/Things/testthing/Services/test?appKey=e359b63a-82b4-4a73-8f0f-6fa85bde51d0";
			var xmlHttp = new XMLHttpRequest();
			xmlHttp.open( "POST", theUrl, false ); // false for synchronous request
			xmlHttp.setRequestHeader("Content-type", "application/json");
			xmlHttp.setRequestHeader("Accept","application/json");
			xmlHttp.setRequestHeader('Access-Control-Allow-Origin','Access-Control-Allow-Credentials');
			//var params = 'appKey=e359b63a-82b4-4a73-8f0f-6fa85bde51d0'
			xmlHttp.send();
			alert(xmlHttp.responseText)
			return xmlHttp.responseText;
		}
	</script>
	<script>
	function myFunction() {
	  alert("Hello! I am an alert box!");
	}
	</script>

  </head>
  <body>
	  <button onclick="httpGet()">Click me</button> 
	  <button onclick="myFunction()">Click me Test</button> 
  </body>
</html>
 

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hello Sathishkumar,

 

Thank you for these outputs. I have been able to reproduce this internally and am looking into this now.

 

I'll update you as soon as I have workaround the issue at hand.

 

Regards,

Tyler Misner

ThingWorx Technical Support Engineer

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hello Sathishkumar,

 

I was able to workaround this issue by modifying the filter in web.xml.

 

Please refer to the attached web-updated.xml.

 

Additionally, please note that you will need to have "Allow Application key as URL Parameter" in PlatformSubsystem checked to authenticate with the App Key in the URL versus the recommended approach of having it in a header.

 

Regards,

Tyler Misner

ThingWorx Technical Support Engineer

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hi Tyler.
Thanks for your response. But I am getting same response like 'No Access-Control-Allow-Origin'. I have updated web.xml and platform subsystem attributes.

Any other possible errors??

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hello Sathishkumar,

 

Thanks for the information.

 

I believe web.xml is configured correctly now so the messages regarding origin may be a red herring.

 

Lets try making a modification on the script side. Please comment out the following line and try again:

xmlHttp.setRequestHeader('Access-Control-Allow-Origin','Access-Control-Allow-Credentials');

 

These are not necessary in the Request header and this is likely why the function is failing with a 401 error (per the Network tab of Firefox Dev tools).

 

Regards,

Tyler Misner

ThingWorx Technical Support Engineer

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Sorry Tyler,

I am not updated the web.xml correctly. Now i have replaced web.xml file with you have shared.

Tomcat not is running but i am not able to see the tomcat landing page.

I have attached the log.

Highlighted

Re: No 'Access-Control-Allow-Origin' - Thingworx 8.4/8.5

Hello Sathishkumar,

 

This error looks to be unrelated to the changes in web.xml.

 

Per the catalina.log file you have a typo in your platform-settings.json with respect to the database connection:

20-Jun-2019 00:54:32.258 WARNING [commons-pool-EvictionTimer] org.postgresql.core.v3.ConnectionFactoryImpl.log SQLException occurred while connecting to localhost:5432
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "twadmi"

 

Please correct this and restart Tomcat.

 

Regards,

Tyler Misner

ThingWorx Technical Support Engineer