cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1655
Views
5
Helpful
6
Replies

ICM - CORS - Bypass authentication for OPTIONS preflight requests

abailey5430
Beginner
Beginner

I am working on setting up a web application on its own server that uses ICM APIs to gather and update agent objects. I am currently getting 401 Unauthorized responses from the AW/HDS server because ICM is trying to authenticate during the initial OPTIONS preflight request. Has anybody found a way to specify OPTIONS request behavior on the ICM side? If I could bypass the authentication on the OPTIONS request, and then provide it during the subsequent request, then this should work.

6 Replies 6

david.macias
VIP Advocate VIP Advocate
VIP Advocate

I'm not following what the issue is. It is my understanding that CORS has nothing to do with options preflight request. Are you sure you're not just running into a CORS issue? This is generally fixed by making changes to the Tomcat config in the aW.

 

david

The current issue is that the UCCE REST APIs all expect authentication information. Because the calling web application resides on a different host, the browser sends an OPTIONS preflight request to check with UCCE whether or not to allow the communication.

 

The trouble with OPTIONS preflight requests is that they do not carry authentication data, so when the UCCE system receives an OPTIONS request, it inspects that request for authentication data, sees it does not exist, and then responds to the browser with 401 Forbidden.

 

It seems to me that the path forward would be to configure the AW/HDS web server to always respond 200 OK to OPTIONS requests from the specified origin, but I have not found a way to do that.

This is my understanding of the issue, anyway, so maybe I'm completely misinterpreting the issue.

abailey5430
Beginner
Beginner
This is the communication flow:
      {
        "_initiator": {
          "type": "script",
          "stack": {
            "callFrames": [
              {
                "functionName": "populateTeams",
                "scriptId": "11",
                "url": "https://webserver.com/attributeUpdater/app.js",
                "lineNumber": 84,
                "columnNumber": 12
              },
              {
                "functionName": "encodeCreds",
                "scriptId": "11",
                "url": "https://webserver.com/attributeUpdater/app.js",
                "lineNumber": 30,
                "columnNumber": 19
              },
              {
                "functionName": "onclick",
                "scriptId": "13",
                "url": "https://webserver.com/attributeUpdater/index.html",
                "lineNumber": 18,
                "columnNumber": 79
              }
            ]
          }
        },
        "_priority": "VeryHigh",
        "_resourceType": "xhr",
        "cache": {},
        "pageref": "page_1",
        "request": {
          "method": "GET",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true",
          "httpVersion": "",
          "headers": [
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
            },
            {
              "name": "Referer",
              "value": "https://webserver.com/"
            },
            {
              "name": "Authorization",
              "value": "Basic YJa="
            },
            {
              "name": "Content-Type",
              "value": "*/*"
            }
          ],
          "queryString": [
            {
              "name": "summary",
              "value": "true"
            }
          ],
          "cookies": [],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 0,
          "statusText": "",
          "httpVersion": "",
          "headers": [],
          "cookies": [],
          "content": {
            "size": 0,
            "mimeType": "x-unknown"
          },
          "redirectURL": "",
          "headersSize": -1,
          "bodySize": -1,
          "_transferSize": 0,
          "_error": "net::ERR_FAILED"
        },
        "serverIPAddress": "",
        "startedDateTime": "2020-12-18T16:51:25.468Z",
        "time": 0.6843560000415891,
        "timings": {
          "blocked": 0.6843560000415891,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0,
          "wait": 0,
          "receive": 0,
          "_blocked_queueing": -1
        }
      },
      {
        "_initiator": {
          "type": "other",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true"
        },
        "_priority": "VeryHigh",
        "_resourceType": "other",
        "cache": {},
        "connection": "292805",
        "pageref": "page_1",
        "request": {
          "method": "OPTIONS",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Host",
              "value": "ucce-awhds-server.com"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Accept",
              "value": "*/*"
            },
            {
              "name": "Access-Control-Request-Method",
              "value": "GET"
            },
            {
              "name": "Access-Control-Request-Headers",
              "value": "authorization,content-type"
            },
            {
              "name": "Origin",
              "value": "https://webserver.com"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
            },
            {
              "name": "Sec-Fetch-Mode",
              "value": "cors"
            },
            {
              "name": "Sec-Fetch-Site",
              "value": "same-site"
            },
            {
              "name": "Sec-Fetch-Dest",
              "value": "empty"
            },
            {
              "name": "Referer",
              "value": "https://webserver.com/"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Accept-Language",
              "value": "en-US,en;q=0.9"
            }
          ],
          "queryString": [
            {
              "name": "summary",
              "value": "true"
            }
          ],
          "cookies": [],
          "headersSize": 603,
          "bodySize": 0
        },
        "response": {
          "status": 401,
          "statusText": "Unauthorized",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Cache-Control",
              "value": "private"
            },
            {
              "name": "Content-Type",
              "value": "text/html"
            },
            {
              "name": "Expires",
              "value": "Wed, 31 Dec 1969 16:00:00 PST"
            },
            {
              "name": "Server",
              "value": "Microsoft-IIS/8.5"
            },
            {
              "name": "WWW-Authenticate",
              "value": "Basic realm=\"Cisco VTG Realm\""
            },
            {
              "name": "Set-Cookie",
              "value": "JSESSIONID=C4394FB921A078207F22EEEC84F86E64; Path=/unifiedconfig; Secure; HttpOnly"
            },
            {
              "name": "Access-Control-Allow-Origin",
              "value": "https://webserver.com"
            },
            {
              "name": "Access-Control-Allow-Headers",
              "value": "Accept, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Authorization, Connection, Content-Type, Host, Origin, Referer, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, User-Agent"
            },
            {
              "name": "Access-Control-Allow-Methods",
              "value": "OPTIONS, GET"
            },
            {
              "name": "Access-Control-Request-Method",
              "value": "GET, PUT, POST, OPTIONS"
            },
            {
              "name": "Access-Control-Allow-Credentials",
              "value": "true"
            },
            {
              "name": "Date",
              "value": "Fri, 18 Dec 2020 16:51:04 GMT"
            },
            {
              "name": "Content-Length",
              "value": "0"
            }
          ],
          "cookies": [
            {
              "name": "JSESSIONID",
              "value": "C4394FB921A078207F22EEEC84F86E64",
              "path": "/unifiedconfig",
              "domain": "ucce-awhds-server.com",
              "expires": null,
              "httpOnly": true,
              "secure": true
            }
          ],
          "content": {
            "size": 0,
            "mimeType": "text/html",
            "compression": 814
          },
          "redirectURL": "",
          "headersSize": 814,
          "bodySize": -814,
          "_transferSize": 0,
          "_error": null
        },
        "serverIPAddress": "10.130.224.127",
        "startedDateTime": "2020-12-18T16:51:25.472Z",
        "time": 679.5759999927432,
        "timings": {
          "blocked": 429.769,
          "dns": 0.01799999999997226,
          "ssl": 125.911,
          "connect": 185.04099999999994,
          "send": 0.1370000000000573,
          "wait": 64.28400000573322,
          "receive": 0.32699998700991273,
          "_blocked_queueing": -1
        }
      }
    ]
  }
}

Here is the request in js:
var request = new XMLHttpRequest();
request.open('GET', 'https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true', false); request.setRequestHeader('Content-Type', '*/*');
request.setRequestHeader('Authorization', 'Basic ' + cred); request.send();

Rhinehartcmind
Beginner
Beginner

Did you ever figure this out. I am trying to use the outbound API in pcce 12.5 and continually get blocked due to cors. Did you identify the settings needed for the AW in tomcat to adjust?

 

Thanks,

 

Rick

Unfortunately, no. I ended up hosting my web application directly on the AW to negate the issue entirely.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers