servlet and cors | Community
Skip to main content
T
TB3dock
Level 8
May 5, 2021
Solved

servlet and cors

  • May 5, 2021
  • 3 replies
  • 2253 views

We have a serlvet which serves json to the front end which uses a fixed path, eg. /bin/myapi/somecall.

This works if you are calling it from the same host and port, but fails from anything else.  E.g. devs hitting a local author from react from 3000 instead of 4502

The "understanding cors" page hints that you can configure this with XML which starts with <jcr:root xmlns:sling=...

The question is, where in our source code should these XML files live, and what should they be called?

There is a section in the http://localhost:4502/system/console/configMgr for "com.adobe.granite.cors.impl.CORSPolicyImpl.d5e5ad16-601e-4215-8bad-15f4980b7722" but this is not editable for some devs (i.e. save doesn't save).

Can Cors be configured with json osgi configs?  If so, how does one know what number to put on the end for new ones?  Is there an example of this anywhere?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by MarkusBullaAdobe

Hi @tb3dock!

 

The required CORS configurations should be done as OSGI configurations on the "Adobe Granite Cross Origin Resource Sharing Policy" as pointed out in the documentation that you already mentioned. OSGI configurations are a common pattern in the AEM tech stack and you will find some additional explanations in some of your older threads on OSGI config topics. You should place an according OSGI config file (either XML or JSON format) in your code base, specifically into the ui.config module (if your project follows the AEM Maven archetype structure).

 

Please also refer to the following tutorial covering exactly your use case (as far as I understand your query):

Regarding your specific questions:

  • Where in our source code should these XML files live? ==> ui.config/src/main/content/jcr_root/apps/mysite/config/ - will be mapped to /apps/mysite/config/ inside the repository)
  • What should they be called? ==> com.adobe.granite.cors.impl.CORSPolicyImpl-myproject.cfg.json - reflecting the CORS policy services PID aka fully qulified class name. It needs to be appended with a custom identifier (in my example: "-myproject") because it is a factory configuration and it is possible to deploy multiple instances for this specific service. Instead of the JSON format you could also use the XML format references in the above mentioned documentation.
  • Can CORS be configured with json osgi configs? ==> As stated above: yes, you can use either the XML or the JSON format for OSGI configurations.
  • How does one know what number to put on the end for new ones? ==> As mentioned above: this is a unique identifier for this configuration. You can choose whatever you want, e. g. a string that reflects the configs purpose or your project (in my example: "-myproject"). The suffix is not limited to numbers. 

 

Hope that helps!

3 replies

Asutosh_Jena_
Community Advisor
Asutosh_Jena_Community Advisor
Community Advisor
May 5, 2021

Hi @tb3dock 

 

Here the exmaples are provided with XML. But if you want to use in AEM as Cloud, you can use the same as JSON and it can be stored under the osgi config folder where you kept all other OSGi configurations.

 

You need to add the your localhost:3000 to your allowedorigin property and it will allow you to make calls.

 

Thanks

    T
    TB3dockAuthor
    Level 8
    May 5, 2021
    what should the osgi file be called? the UI based ones seem to have a random number at the end.
    Ritesh_Mittal
    Community Advisor and Adobe Champion
    Ritesh_MittalCommunity Advisor and Adobe Champion
    Community Advisor and Adobe Champion
    May 5, 2021
     

    @tb3dock ,

     

    Just to confirm if you are really getting CORS error or Authentication error, since localhost:4502 is generally considered as author instance which requires authentication, so if you want to call any servlet which requires authentication then you need to set authorization header while calling the servlet/API.

     

    Other then this question, resource type based servlets are more preferable than path based ones because of security, dispatcher allow config, etc

      MarkusBullaAdobe
      Adobe Employee
      MarkusBullaAdobeAdobe EmployeeAccepted solution
      Adobe Employee
      May 5, 2021

      Hi @tb3dock!

       

      The required CORS configurations should be done as OSGI configurations on the "Adobe Granite Cross Origin Resource Sharing Policy" as pointed out in the documentation that you already mentioned. OSGI configurations are a common pattern in the AEM tech stack and you will find some additional explanations in some of your older threads on OSGI config topics. You should place an according OSGI config file (either XML or JSON format) in your code base, specifically into the ui.config module (if your project follows the AEM Maven archetype structure).

       

      Please also refer to the following tutorial covering exactly your use case (as far as I understand your query):

      Regarding your specific questions:

      • Where in our source code should these XML files live? ==> ui.config/src/main/content/jcr_root/apps/mysite/config/ - will be mapped to /apps/mysite/config/ inside the repository)
      • What should they be called? ==> com.adobe.granite.cors.impl.CORSPolicyImpl-myproject.cfg.json - reflecting the CORS policy services PID aka fully qulified class name. It needs to be appended with a custom identifier (in my example: "-myproject") because it is a factory configuration and it is possible to deploy multiple instances for this specific service. Instead of the JSON format you could also use the XML format references in the above mentioned documentation.
      • Can CORS be configured with json osgi configs? ==> As stated above: yes, you can use either the XML or the JSON format for OSGI configurations.
      • How does one know what number to put on the end for new ones? ==> As mentioned above: this is a unique identifier for this configuration. You can choose whatever you want, e. g. a string that reflects the configs purpose or your project (in my example: "-myproject"). The suffix is not limited to numbers. 

       

      Hope that helps!

        T
        TB3dockAuthor
        Level 8
        May 6, 2021

        Thanks for the reply. I tried creating the following file: /myapp-web.ui.config/src/main/content/jcr_root/apps/eyas-web/osgiconfig/config.author.dev/com.adobe.granite.cors.impl.CORSPolicyImpl-myapp.cfg.json with the following content:

         

         

        { "alloworigin":["*"], "alloworiginregexp":[], "allowedpaths":[".*"], "exposedheaders":[""], "maxage":1800, "supportedheaders":["*"], "supportedmethods":["GET","POST"], "supportedcredentials":"true" }

         

         

         

        When I build with the usual mvn clean install -PautoInstallSinglePackage, this config seems to be ignored: when I look in http://localhost:4502/system/console/configMgr its not there.

        Any ideas?  Are we sure it should be a minus sign between the PID and my app name?

         

        I tried with a . instead of -, and I also tried putting the file in the global /config. Neither helped unfortunately.

        Terms & ConditionsAccessibility statement

        Loading footer...