This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Where to add Access-Control-Allow-Origin?

FormerMember over 9 years ago

Hi all, I'm trying to poll data from the REST API, only I can't get that data because of an access-control-allow-origin header error. I've tried adding the appropriate xml data to the web config for both the inetpub and solarwinds web.config files, but I still see the error. Does anyone know where I should add the header info to talk Solarwinds into allowing the ajax request cross-domain?

I'm running IIS 7.5. I restarted the server after making the change below.

The information I added to the web.config file is below. (I would swap the "*" for a specific origin once I got this working.)

</customHeaders>

</httpProtocol>

Any one have any ideas?

0 tdanner over 9 years ago

Could you give a little more information on what you are trying to do?
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 9 years ago in reply to tdanner

Sure. I was trying to use jQuery to do an AJAX request to our Solarwinds server. The server is in a different domain, so JSON runs into the same origin policy. JSONP would get around this (I only need to do get requests for this application) but Solarwinds doesn't speak JSONP.
Using JSONP though, I can see that my HTTP request is formatted properly because I can see the expected response in the response header using Chrome dev tools.
So what I was looking to do was to add the "access-control-allow-origin * " line to the IIS web.config on the Solarwinds server, but when I do, it renders the solarwinds web interface inoperable until I remove the line.
The ultimate goal was just to create way to include basic information from Solarwinds within another application. I was hoping for an all client-side solution, but I couldn't get past this issue, unfortunately.
Cancel
Vote Up 0 Vote Down

Cancel
0 tdanner over 9 years ago in reply to FormerMember

That helps. So in this scenario, there are three relevant servers:
1. The Orion web server. ASP.NET, IIS. Typically on port 80.
2. The Information Service. Running on the same server as #1, but not in IIS. It's hosted by SolarWinds.InformationService.ServiceV3.exe and the REST API is on port 17778. This API is implemented using WCF's WebHttpBinding.
3. Your own application server.
If I understand correctly, you have some javascript whose origin is #3 and it wants to make XHR calls to #2. Chrome is rejecting this due to Same-Origin-Policy, so you are trying to fix this configuring the CORS header on #1. This doesn't work because #1 is not part of that call. To make this work, you would need to add the CORS header to #2. Unfortunately, unlike ASP.NET, WebHttpBinding does not support adding extra response headers from the config file - it has to be done from code.
Can you write a simple server-side proxy (to run on #3) for the SolarWinds REST API? That would work around this problem.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 9 years ago in reply to tdanner

That was kind of the conclusion I came to. I'm in the process of figuring out a server-side proxy, as I've never had to do one of those before.
Thanks for the feedback!
Cancel
Vote Up 0 Vote Down

Cancel