cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
237
Views
5
Helpful
6
Replies
abailey5430
Beginner

ICM - CORS - Bypass authentication for OPTIONS preflight requests

I am working on setting up a web application on its own server that uses ICM APIs to gather and update agent objects. I am currently getting 401 Unauthorized responses from the AW/HDS server because ICM is trying to authenticate during the initial OPTIONS preflight request. Has anybody found a way to specify OPTIONS request behavior on the ICM side? If I could bypass the authentication on the OPTIONS request, and then provide it during the subsequent request, then this should work.

6 REPLIES 6
david.macias
VIP Engager

I'm not following what the issue is. It is my understanding that CORS has nothing to do with options preflight request. Are you sure you're not just running into a CORS issue? This is generally fixed by making changes to the Tomcat config in the aW.

 

david

The current issue is that the UCCE REST APIs all expect authentication information. Because the calling web application resides on a different host, the browser sends an OPTIONS preflight request to check with UCCE whether or not to allow the communication.

 

The trouble with OPTIONS preflight requests is that they do not carry authentication data, so when the UCCE system receives an OPTIONS request, it inspects that request for authentication data, sees it does not exist, and then responds to the browser with 401 Forbidden.

 

It seems to me that the path forward would be to configure the AW/HDS web server to always respond 200 OK to OPTIONS requests from the specified origin, but I have not found a way to do that.

This is my understanding of the issue, anyway, so maybe I'm completely misinterpreting the issue.

abailey5430
Beginner

This is the communication flow:
      {
        "_initiator": {
          "type": "script",
          "stack": {
            "callFrames": [
              {
                "functionName": "populateTeams",
                "scriptId": "11",
                "url": "https://webserver.com/attributeUpdater/app.js",
                "lineNumber": 84,
                "columnNumber": 12
              },
              {
                "functionName": "encodeCreds",
                "scriptId": "11",
                "url": "https://webserver.com/attributeUpdater/app.js",
                "lineNumber": 30,
                "columnNumber": 19
              },
              {
                "functionName": "onclick",
                "scriptId": "13",
                "url": "https://webserver.com/attributeUpdater/index.html",
                "lineNumber": 18,
                "columnNumber": 79
              }
            ]
          }
        },
        "_priority": "VeryHigh",
        "_resourceType": "xhr",
        "cache": {},
        "pageref": "page_1",
        "request": {
          "method": "GET",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true",
          "httpVersion": "",
          "headers": [
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
            },
            {
              "name": "Referer",
              "value": "https://webserver.com/"
            },
            {
              "name": "Authorization",
              "value": "Basic YJa="
            },
            {
              "name": "Content-Type",
              "value": "*/*"
            }
          ],
          "queryString": [
            {
              "name": "summary",
              "value": "true"
            }
          ],
          "cookies": [],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 0,
          "statusText": "",
          "httpVersion": "",
          "headers": [],
          "cookies": [],
          "content": {
            "size": 0,
            "mimeType": "x-unknown"
          },
          "redirectURL": "",
          "headersSize": -1,
          "bodySize": -1,
          "_transferSize": 0,
          "_error": "net::ERR_FAILED"
        },
        "serverIPAddress": "",
        "startedDateTime": "2020-12-18T16:51:25.468Z",
        "time": 0.6843560000415891,
        "timings": {
          "blocked": 0.6843560000415891,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0,
          "wait": 0,
          "receive": 0,
          "_blocked_queueing": -1
        }
      },
      {
        "_initiator": {
          "type": "other",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true"
        },
        "_priority": "VeryHigh",
        "_resourceType": "other",
        "cache": {},
        "connection": "292805",
        "pageref": "page_1",
        "request": {
          "method": "OPTIONS",
          "url": "https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Host",
              "value": "ucce-awhds-server.com"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Accept",
              "value": "*/*"
            },
            {
              "name": "Access-Control-Request-Method",
              "value": "GET"
            },
            {
              "name": "Access-Control-Request-Headers",
              "value": "authorization,content-type"
            },
            {
              "name": "Origin",
              "value": "https://webserver.com"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
            },
            {
              "name": "Sec-Fetch-Mode",
              "value": "cors"
            },
            {
              "name": "Sec-Fetch-Site",
              "value": "same-site"
            },
            {
              "name": "Sec-Fetch-Dest",
              "value": "empty"
            },
            {
              "name": "Referer",
              "value": "https://webserver.com/"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Accept-Language",
              "value": "en-US,en;q=0.9"
            }
          ],
          "queryString": [
            {
              "name": "summary",
              "value": "true"
            }
          ],
          "cookies": [],
          "headersSize": 603,
          "bodySize": 0
        },
        "response": {
          "status": 401,
          "statusText": "Unauthorized",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Cache-Control",
              "value": "private"
            },
            {
              "name": "Content-Type",
              "value": "text/html"
            },
            {
              "name": "Expires",
              "value": "Wed, 31 Dec 1969 16:00:00 PST"
            },
            {
              "name": "Server",
              "value": "Microsoft-IIS/8.5"
            },
            {
              "name": "WWW-Authenticate",
              "value": "Basic realm=\"Cisco VTG Realm\""
            },
            {
              "name": "Set-Cookie",
              "value": "JSESSIONID=C4394FB921A078207F22EEEC84F86E64; Path=/unifiedconfig; Secure; HttpOnly"
            },
            {
              "name": "Access-Control-Allow-Origin",
              "value": "https://webserver.com"
            },
            {
              "name": "Access-Control-Allow-Headers",
              "value": "Accept, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Authorization, Connection, Content-Type, Host, Origin, Referer, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, User-Agent"
            },
            {
              "name": "Access-Control-Allow-Methods",
              "value": "OPTIONS, GET"
            },
            {
              "name": "Access-Control-Request-Method",
              "value": "GET, PUT, POST, OPTIONS"
            },
            {
              "name": "Access-Control-Allow-Credentials",
              "value": "true"
            },
            {
              "name": "Date",
              "value": "Fri, 18 Dec 2020 16:51:04 GMT"
            },
            {
              "name": "Content-Length",
              "value": "0"
            }
          ],
          "cookies": [
            {
              "name": "JSESSIONID",
              "value": "C4394FB921A078207F22EEEC84F86E64",
              "path": "/unifiedconfig",
              "domain": "ucce-awhds-server.com",
              "expires": null,
              "httpOnly": true,
              "secure": true
            }
          ],
          "content": {
            "size": 0,
            "mimeType": "text/html",
            "compression": 814
          },
          "redirectURL": "",
          "headersSize": 814,
          "bodySize": -814,
          "_transferSize": 0,
          "_error": null
        },
        "serverIPAddress": "10.130.224.127",
        "startedDateTime": "2020-12-18T16:51:25.472Z",
        "time": 679.5759999927432,
        "timings": {
          "blocked": 429.769,
          "dns": 0.01799999999997226,
          "ssl": 125.911,
          "connect": 185.04099999999994,
          "send": 0.1370000000000573,
          "wait": 64.28400000573322,
          "receive": 0.32699998700991273,
          "_blocked_queueing": -1
        }
      }
    ]
  }
}

Here is the request in js:
var request = new XMLHttpRequest();
request.open('GET', 'https://ucce-awhds-server.com/unifiedconfig/config/agentteam?summary=true', false); request.setRequestHeader('Content-Type', '*/*');
request.setRequestHeader('Authorization', 'Basic ' + cred); request.send();

Rhinehartcmind
Beginner

Did you ever figure this out. I am trying to use the outbound API in pcce 12.5 and continually get blocked due to cors. Did you identify the settings needed for the AW in tomcat to adjust?

 

Thanks,

 

Rick

Unfortunately, no. I ended up hosting my web application directly on the AW to negate the issue entirely.

Content for Community-Ad

This widget could not be displayed.