Hi,
So far I've been unable to communicate with either our app servers or the Developer Virtual Machine from localhost (xampp) due to the CORS header and the Access-Control-Allow-Origin policy.
Unless I'm just really bad at searching, I haven't found any information that worked on configuring this correctly in Tomcat for the Developer VM.
Has anyone else run into this issue?
Ryan
Thanks for doing this work, Ryan. The Learn REST APIs don't support CORS at this time. You can get around this by building an API proxy, or as you have discovered, modifying the tomcat configuration if you have access. We are currently investigating the best way to handle AJAX-type requests.
Thanks Scott, good to know it's being looked at.
I remember at DevCon in Darwin Australia you demonstrated the SignUp List which was built using the MEAN stack and I believe hosted on Heroku, so I assume that was using Angular's $http wrapper for AJAX. https://github.com/blackboard/BBDN-SignUp-List
How did you work around this issue for the project? Does it contain an API proxy?
In the SignUp List, the Learn calls are actually handled on the Node.JS backend. I did just this morning build a quick user sign up in Angular 2 to show how to use a proxy:
I'll be writing up a blog to document this and why it is done and I'll attach it to the pending Authentication document that my colleague is working on.
Thanks Scott, this is exactly the kind of document I was looking for when trying to work around this!
Help
Privacy
Behind the Blackboard
Blackboard.com
Well, looks like I was able to resolve this by modifying Tomcat's web.xml file, located at %BB_HOME%/apps/tomcat/conf/web.xml
From Apache Tomcat 8 Configuration Reference (8.5.23) - Container Provided Filters
Based on the example I also had to add the "Authorization" header in cors.allowed.headers, and in a Production environment I wouldn't leave cors.allowed.origins as a wildcard - restrict that to only the server running your REST application. You may wish to add the DELETE and PATCH methods in order to use those APIs.
I'd still prefer it if I could configure this only for the REST API endpoints, rather than Tomcat as a whole. Our applications server are still fronted by Apache which I could do more advanced config in, but Blackboard supports the Tomcat-only approach.