Access-Control-Allow-Origin missing in response

TB3dock
Level 4

05-05-2021

CORS is not working. We added a "*" based entry in the config manager, but this does not help either.

Using Postman, we see the header Access-Control-Allow-Origin is not being set in the response from AEM. Is this normal?

 

[Image: TB3dock_0-1620211953038.png]

 

Here is the Postman conversation:

[Image: TB3dock_1-1620210081701.png]

I would have expected to see Access-Control-Allow-Origin: * in the response?

 

I just tried sending an OPTIONS request instead of POST, and included Access-Control-Request-Method: POST in the request, but this also does not respond with the expected CORS headers.

Accepted Solutions (1)

markus_bulla_adobe
Employee

05-05-2021

Hi @TB3dock!

At first glance, your OSGi configuration looks ok and things should work as expected.

For further debugging I would refer you to the Troubleshooting section of the "Understanding CORS" documentation page. Please create a logger for the com.adobe.granite.cors package on DEBUG (or even TRACE) level and see if you can find additional insights on the matter.

 

Apart from that, one general note.

 

I'm sure you are aware of this and obviously you're currently in a troubleshooting/debugging working mode, but please also refer to the following warning on the "Understanding CORS" documentation page:
"It is absolutely not recommended to use Allow-Origin: * in production since it allows every foreign (i.e. attacker) website to make requests that without CORS are strictly prohibited by browsers."

 

Hope that helps!
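
One way to read a captured exchange such as the Postman one discussed in this thread, as an added example that is not part of the original posts and is not AEM code. The function name `audit_cors`, the finding codes and the origin `https://app.example.com` are hypothetical, and all header values are constructed samples.

```python
# Added example: audit one captured HTTP exchange for CORS problems.
# All header values used with it are constructed samples.

def _norm(headers):
    """Lower-case header names so lookups are case-insensitive."""
    return {k.lower(): v.strip() for k, v in headers.items()}

def audit_cors(method, req_headers, resp_headers, trusted_origins):
    """Return a list of finding codes for one request/response pair."""
    req, resp = _norm(req_headers), _norm(resp_headers)
    origin = req.get("origin")
    if origin is None:
        # Without Origin this is not a CORS request; many handlers then
        # emit no CORS headers, so their absence is inconclusive.
        return ["NO_ORIGIN_IN_REQUEST"]
    findings = []
    if method.upper() == "OPTIONS" and "access-control-request-method" not in req:
        findings.append("OPTIONS_IS_NOT_A_PREFLIGHT")
    acao = resp.get("access-control-allow-origin")
    creds = resp.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        findings.append("ACAO_MISSING")  # browser blocks the cross-origin read
    elif acao == "*":
        findings.append("ACAO_WILDCARD")  # any website may read the response
        if creds:
            # Browsers refuse this pairing for credentialed requests.
            findings.append("WILDCARD_WITH_CREDENTIALS")
    elif acao != origin:
        findings.append("ACAO_ORIGIN_MISMATCH")
    else:
        if origin not in trusted_origins:
            findings.append("UNTRUSTED_ORIGIN_REFLECTED")
        vary = [v.strip().lower() for v in resp.get("vary", "").split(",")]
        if "origin" not in vary:
            findings.append("VARY_ORIGIN_MISSING")  # shared caches may mix origins
    return findings

if __name__ == "__main__":
    trusted = {"https://app.example.com"}  # hypothetical allow-list
    preflight = {"Origin": "https://app.example.com",
                 "Access-Control-Request-Method": "POST"}
    print(audit_cors("POST", {}, {}, trusted))
    print(audit_cors("OPTIONS", preflight, {}, trusted))
    print(audit_cors("OPTIONS", preflight,
                     {"Access-Control-Allow-Origin": "*"}, trusted))
    print(audit_cors("OPTIONS", preflight,
                     {"Access-Control-Allow-Origin": "https://app.example.com",
                      "Vary": "Origin"}, trusted))
```

An empty list means the exchange shows an allow-listed origin echoed back with `Vary: Origin`; `NO_ORIGIN_IN_REQUEST` means the test request itself has to be fixed before the server's behaviour can be judged.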

Answers (1)

Ritesh_M
Level 5

05-05-2021

 

@TB3dock 

 

There is another question posted by you, if they are talking about the same issue. I have tried giving a response, if that helps.

Another thread:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/servlet-and-cors/qaq-p/406...