Modifying headers for CORS ?

Are you using LiveCode to create server scripts or CGIs?

Moderators: Klaus, FourthWorld, heatherlaine, kevinmiller, robinmiller

Post Reply
samuel.vannesteBUSGvXT
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 34
Joined: Wed Sep 19, 2012 6:32 pm
Location: Versailles, France

Modifying headers for CORS ?

Post by samuel.vannesteBUSGvXT » Wed Oct 21, 2015 5:24 pm

Hello,

I do apologize if the question seems to be a newbie one but I am very uncomfortable with this subject and don't really understand what I am trying to do. That's the reason why I am calling for a little help on this, please.

I have to deal with an existing HTML5 application which does GET requests to a LiveCode script (CGI mode with Apache on Linux).
For that I have to enable CORS and like it is described on its web site, I have tried to add this in the <Directory> directive and even in a .htaccess file

Code: Select all

Header set Access-Control-Allow-Origin "*"
It doesn't work. So, I have searched in the application's help documents and found that way of controlling the headers from a PHP script :

Code: Select all

// Enable CORS (http://enable-cors.org/server_php.html)
header('Access-Control-Allow-Origin: *');

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

  if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

  if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
    header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

  exit;
}
I would translate that in LiveCode like this :

Code: Select all

put header "Access-Control-Allow-Origin: *"

if $_SERVER['REQUEST_METHOD'] = "OPTIONS" then
  
  if $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] is not empty then
     put header "Access-Control-Allow-Methods: GET, POST, OPTIONS"
  end if

  if $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] is not empty then
    put header "Access-Control-Allow-Headers: " & $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']  
  end if

end if
It neither works... Please do you see what I am missing / not understanding ?

Many thanks :)

scrabbles
Posts: 25
Joined: Sat Dec 20, 2014 4:32 am
Location: Melbourne, Australia

Re: Modifying headers for CORS ?

Post by scrabbles » Thu Oct 22, 2015 10:22 am

Hi, some things i can think of to double check
- mod_headers really is enabled? (if you are relying on apache to serve it)
- header in script is not replaced by other code? (ie inadvertanlty choosing a different path in code so it's never set/overwritten by something else)
- header returned is actually correct? (does it have a crlf for new line?)

Have you checked the http response being returned?

samuel.vannesteBUSGvXT
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 34
Joined: Wed Sep 19, 2012 6:32 pm
Location: Versailles, France

Re: Modifying headers for CORS ?

Post by samuel.vannesteBUSGvXT » Thu Oct 22, 2015 6:09 pm

Hello,

Thanks for your ideas. I have verified the headers using Firefox developer edition + Live Headers extensions and checked that the LiveCode's script returns them. It seems to be the case (headers below). So, I will go back to the app's provider.
https://s1/appb/test/index.lc

OPTIONS /appb/test/index.lc HTTP/1.1
Host: s1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Origin: http://127.0.0.1:9990
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cache-control,if-modified-since,pragma
Connection: keep-alive

HTTP/1.1 200 OK
Date: Thu, 22 Oct 2015 17:04:51 GMT
Server: Apache
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Edit : just understood that the third test was not returning a header. I will have to work on that point too

Edit: when I don't rely on the tests and force the headers to the default values, it works great. I will have to check if those headers are available in LC server too because they are not listed in the CGI $_SERVER variables (dictionary)

Post Reply

Return to “CGIs and the Server”