4 Replies Latest reply on Dec 3, 2014 1:59 PM by matt_in_slo

    Where to add Access-Control-Allow-Origin?


      Hi all, I'm trying to poll data from the REST API, only I can't get that data because of an access-control-allow-origin header error.  I've tried adding the appropriate xml data to the web config for both the inetpub and solarwinds web.config files, but I still see the error.  Does anyone know where I should add the header info to talk Solarwinds into allowing the ajax request cross-domain? 


      I'm running IIS 7.5.  I restarted the server after making the change below.


      The information I added to the web.config file is below. (I would swap the "*" for a specific origin once I got this working.)



            <add name="Access-Control-Allow-Origin" value="*" />

            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />

            <add name="Access-Control-Allow-Headers" value="Content-Type" />





      Any one have any ideas? 

        • Re: Where to add Access-Control-Allow-Origin?

          Could you give a little more information on what you are trying to do?

            • Re: Where to add Access-Control-Allow-Origin?

              Sure.  I was trying to use jQuery to do an AJAX request to our Solarwinds server.  The server is in a different domain, so JSON runs into the same origin policy.  JSONP would get around this (I only need to do get requests for this application) but Solarwinds doesn't speak JSONP. 


              Using JSONP though, I can see that my HTTP request is formatted properly because I can see the expected response in the response header using Chrome dev tools. 


              So what I was looking to do was to add the "access-control-allow-origin * " line to the IIS web.config on the Solarwinds server, but when I do, it renders the solarwinds web interface inoperable until I remove the line. 


              The ultimate goal was just to create way to include basic information from Solarwinds within another application.  I was hoping for an all client-side solution, but I couldn't get past this issue, unfortunately. 

                • Re: Where to add Access-Control-Allow-Origin?

                  That helps. So in this scenario, there are three relevant servers:


                  1. The Orion web server. ASP.NET, IIS. Typically on port 80.

                  2. The Information Service. Running on the same server as #1, but not in IIS. It's hosted by SolarWinds.InformationService.ServiceV3.exe and the REST API is on port 17778. This API is implemented using WCF's WebHttpBinding.

                  3. Your own application server.


                  If I understand correctly, you have some javascript whose origin is #3 and it wants to make XHR calls to #2. Chrome is rejecting this due to Same-Origin-Policy, so you are trying to fix this configuring the CORS header on #1. This doesn't work because #1 is not part of that call. To make this work, you would need to add the CORS header to #2. Unfortunately, unlike ASP.NET, WebHttpBinding does not support adding extra response headers from the config file - it has to be done from code.


                  Can you write a simple server-side proxy (to run on #3) for the SolarWinds REST API? That would work around this problem.