Expand my Community achievements bar.

CORS issue in AEM servlet with PUT method

Avatar

Level 3
Level 3
3/1/24 3:11:41 AM

Hello

I'm working on a service that contains GET, PUT, POST, and DELETE methods. But faced issues with doPut method. 

I configured

Added needed methods

aliaksandr_hvoz_0-1709291167007.png

Removed from filter

aliaksandr_hvoz_1-1709291199018.png

Remove from the filter and allow empty

aliaksandr_hvoz_2-1709291279083.png

Sending request from ReactJS app

aliaksandr_hvoz_3-1709291353099.png

In browser, I see 2 requests

aliaksandr_hvoz_4-1709291389992.png

aliaksandr_hvoz_5-1709291402141.png

And this request doesn't work. But via POSTMAN PUT request works as expected. Where did I go wrong?

 

Thanks.

 

Views

535

Replies

9
Sign in to like this content

Total Likes

Translate
Translate
9 Replies

Avatar

Level 10
Level 10
3/1/24 3:23:44 AM

@aliaksandr_hvoz It must be access with the help of anonymous user in author with the help of Sling Authentication and for postman also.

Postman must be giving 401 error code while making call in response. To make a call via POSTMAN it will require authorization as show below:

Imran__Khan_0-1709292320901.png

 

Below process will allow us to access servlet via postman or in public:

Under ui.config module looks for config.author folder and create file and name as org.apache.sling.engine.impl.auth.SlingAuthenticator.cfg.json

 

Paste below content within the file

 

 

{
  "sling.auth.requirements":[
    "+/",
    "-/libs/granite/core/content/login",
    "-/etc.clientlibs",
    "-/etc/clientlibs/granite",
    "-/libs/dam/remoteassets/content/loginerror",
    "-/aem/update.theme",
    "-/linkexpired",
    "-/replace_this_with_your_servlet_path"
  ]
}

Add an entry in sling.auth.requirements parameter.

If you want anonymous access, you have to put a '-' before the path.'

Deploy the code and test, it should work.

 

for more details:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/is-it-possiable-to-enable-...

Views

520

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
3/1/24 3:40:49 AM
In response to Imran__Khan

Hello.

I log in to Postpan.

aliaksandr_hvoz_0-1709293205200.png

I don’t want to use anonymous because it will lead to the fact that authorization will not be needed - it’s not safe.

Views

510

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
3/1/24 5:36:01 AM

Hi, 


The reason is that in your ReactJS app, it will first trigger a "preflight" request to ensure there are no CORS issues. This request is of type OPTIONS (this is missing in your 1st screenshoot). In contrast, Postman will avoid this and only execute the method (request) you are attempting to perform. To solve the problem, you would need to add the OPTIONS method to the "allowed methods" in the CORS configuration.

You can read more here:

https://www.linkedin.com/pulse/understaing-preflight-cors-side-effects-related-its-server-mohanty/

https://stackoverflow.com/questions/15381105/what-is-the-motivation-behind-the-introduction-of-prefl... 

 

Hope this helps!

 


Esteban Bustamante

Views

484

Replies

5
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
3/1/24 6:51:15 AM
In response to EstebanBustamante

The request with OPTIONS returned with 200 status and PUT with CORS issue.

I added OPTIONS to "allowed methods".

aliaksandr_hvoz_0-1709304655317.png

aliaksandr_hvoz_1-1709304667537.png

 

Views

470

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
3/2/24 8:52:12 AM
In response to aliaksandr_hvoz

can you please give the actual CORS error message - actual error message in the browser console

Views

420

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
3/3/24 11:09:02 PM
In response to SureshDhulipudi

Hello @SureshDhulipudi 

So. I think that the problem is because the AEM and React applications are located on different machines (they have different IPs). I transferred the React application to the machine where AEM is located, indicated in "Allowed Origins" that the connection would be from localhost:3000 and everything worked. But if I indicate that requests to AEM will be from another IP, the error appears again.

 

Access to fetch at 'http://192.168.1.209:4502/bin/user' from origin 'http://192.168.0.141:3000' has been blocked by CORS policy: Method PUT is not allowed by Access-Control-Allow-Methods in preflight response.

 

 

 

Views

386

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
3/4/24 12:16:20 AM
In response to aliaksandr_hvoz

Hi @aliaksandr_hvoz 

Since you are accessing the author instance from a react app, In additon to allowing "OPTIONS" and "PUT" request methods, could you please check if the "Authorization" header is entered in the "Supported headers" property of CORS policy.

Views

383

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
3/4/24 9:54:48 AM

And so, from my observations.

As I understand it, this error occurs because I am accessing AEM from a React application from another machine (another IP).

How to solve this problem?

Views

331

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Requesting Feedback from Dynamic Media Users: Adobe AEM Dynamic Media Survey

Views

97

Likes

0

Replies

0
[AEM access configuration] Manage permissions at program level Cloud Manager

Views

113

Likes

0

Replies

3
Setting Up SSL in AEM to Enable HTTPS

Views

73

Likes

2

Replies

0
URL rewriting in AEM cloud using etc/maps and resource resolver mappings

Views

807

Likes

0

Replies

14
AEMaaCS local Build Issues

Views

112

Like

1

Replies

2