Good afternoon, I'm trying to make a request to the OutSystem module REST method. Since The application from which the request is made is in a different domain, the CORS request is made. According to the specification https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests, the request for the preflight request with type 'OPTION' occurs first, but the platform answers with 404 code. Tell me how to solve this problem?

Not CORS request was handled success.

CORS request was crushed.

According to this page There isn't something like 'Option'

https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/REST/Expose_REST_APIs/Expose_a_REST_API

Are you sure you need to Use 'Options' to check CORS, Is there no other way to determine if  CORS is Enabled without using "Options" Im just curios about this. I will do some R&D on this later though.


There might be an way to directly set on the server for these values, But I am unaware of it at this moment. 

Earlier when I had Similar Requirement, I just moved that Particular web service to A seperate NodeJs server where I could Easily Enable Cors. But I know this isn't the right solution . It worked for me for Time being at that time.

I will wait for someone else's answers as well.

When you request to another domain library(most popular JS Http-client libraries: fetch, axios.) sends preflight request with 'OPTIONS' type.


Yes, we can sends parameters in URL, but it is not always convenient.


Second case we can use mode 'no-cors' in fetch library, but then we will not be able to send custom headers. For example, in my case I need sends 'Authorization" header with token.

I think this might help a bit. I have not gone In depth in it but it sounds like some config for setting up cors. 

https://www.outsystems.com/forums/discussion/16964/how-to-add-custom-response-headers/


Let me know if this works for you.


Also I wanted to ask, Is it Nessasary that you access the data through Fetch or Ajax or Axios (I mean through front - end) Instead of using browser to fetch data, if you fetch data from your server and pass it to the front end from your own server this issue will not occur right ?


I guess you have some reasons that you have to do it through front end only, Maybe trying to save Memory or Network traffic etc.


Just curios to know your reasons.


Hi,

The platform rest requests are supposed to answer to Option requests and allow cors (as shown in the headers of the first request).

Does the url work on the same host without the CORS restrictions? Or would it return a 404 as well?


Regards,

João Rosado

Just tested against my personal environment and it really does not seem to be replying to any Option requests.


I'll try tomorrow on a on-premise machine to see if it's a problem just on the personal environments.


Regards,

João Rosado


coder kamath wrote:

According to this page There isn't something like 'Option'

https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/REST/Expose_REST_APIs/Expose_a_REST_API

Are you sure you need to Use 'Options' to check CORS, Is there no other way to determine if  CORS is Enabled without using "Options" Im just curios about this. I will do some R&D on this later though.


There might be an way to directly set on the server for these values, But I am unaware of it at this moment. 

Earlier when I had Similar Requirement, I just moved that Particular web service to A seperate NodeJs server where I could Easily Enable Cors. But I know this isn't the right solution . It worked for me for Time being at that time.

I will wait for someone else's answers as well.

Now I'm R&D OutSystems opportunities. I have small system, which consist from few applications. When y research I trying migrate part of the systems: backend migrate to outsystems module service, web-application migrate to outsystems web module. And I have third desktop application to developed with Electron(framework whose provide develop desktop application using JS and JS frameworks). And on this task I trying send request from desktop application to outsystems service module. Simple queries(without custom headers and without application/json body) execute successfully.

Thank you for this link, but I  saw it few days ago. I can't login in this module and write request  with this problem in support.

João Rosado wrote:

Hi,

The platform rest requests are supposed to answer to Option requests and allow cors (as shown in the headers of the first request).

Does the url work on the same host without the CORS restrictions? Or would it return a 404 as well?


Regards,

João Rosado

Yes, it'is works. And for example, when I test this REST method using Postman, query end successfully. Because Postman doesn't send preflight 'OPTION' request.


Hi Yuriy,


Looks like it's a problem caused the security improvements made on the new O11 cloud machines for both personal and enterprise cloud environments that is blocking the Options verbs.

Asked for this to be escalated back to the security teams to be reviewed.


Regards,
João Rosado

Thank you for the answer! How I can be notify about new information about this case from security teams? 

I'll reply here when I get some answer back.

Hi Yuriy,


I got an answer back and this configuration will be reverted to allow the CORS scenarios.

In terms of personals this means that will be solved on the next personal version upgrades, that are currently planned to start occurring in 2 or 3 weeks (if all goes as planned).


Regards,
João Rosado

João Rosado wrote:

Hi Yuriy,


I got an answer back and this configuration will be reverted to allow the CORS scenarios.

In terms of personals this means that will be solved on the next personal version upgrades, that are currently planned to start occurring in 2 or 3 weeks (if all goes as planned).


Regards,
João Rosado

Hi João.

Thank you for the answer.