APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

CORS header 'Access-Control-Allow-Origin' does not match the same source

steb86Jun 15 2017 — edited Jun 16 2017

Hello to everyone,

I know this could be a topic already discussed in other posts, but I didn't find a working solution for me.

I'm using Apex 5.0.4 with Rest 3.0.6 and I tried to expose a web service first by enabling a page report as restfull service, then by using ORDS package to create a GET web service.

I need to call the web service from another domain by html and js (jQuery) and using the data into an input field with autocomplete.

I'm using Tomcat 7.0.72 as application server and I set the header into the web.xml file as follow:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>ACCEPT, CONTENT-TYPE, X-CSRF-TOKEN</param-value>
    </init-param>          
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and in my index.html I'm using the plugin easyautocomplete (https://github.com/pawelczak/EasyAutocomplete ) like this:

    var options = {
        url: "http://10.1.6.129:8080/ords/apex_llx_admin/api/customers",
        listLocation: "customers",
        getValue: "customer_no",
        ajaxSettings: {
            dataType: "json",
            method: "GET"
        },
        requestDelay: 1000
    };
    $("#provider-json").easyAutocomplete(options);

but I'm getting this error in browser console (both Chrome and Firefox):

XMLHttpRequest cannot load http://10.1.6.129:8080/ords/apex_llx_admin/api/customers. The 'Access-Control-Allow-Origin' header contains multiple values 'http://10.1.4.140:8080, http://10.1.4.140:8080', but only one is allowed. Origin 'http://10.1.4.140:8080' is therefore not allowed access.

Request Header:
Host: 10.1.6.129:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.1.4.140:8080/autocomplete/
Origin: http://10.1.4.140:8080
Connection: keep-alive

Response Header:

Access-Control-Allow-Credentials: true, true

Access-Control-Allow-Origin: http://10.1.4.140:8080, http://10.1.4.140:8080

Cache-Control: no-store

Content-Type: application/json

Date: Thu, 15 Jun 2017 07:13:25 GMT

Etag: "rQazhOeauATs1G+bswTw0F3YZ66DdMIrloV4AlqCN/64tZodcobtw2BU9xhpG68P1l1gDYmmNKYCGXLcR+GN0w=="

Expires: Sun, 27 Jul 1997 13:00:00 GMT

Pragma: no-cache

Server: Apache-Coyote/1.1

Transfer-Encoding: chunked

Vary: Origin

access-control-expose-headers: Content-Type, Cache-Control, Pragma, Expires, ETag, Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Vary

I also tried to put http://10.1.4.140:8080 directly into web.xml instead of * but still getting the same error.

Any suggestion?

Thank you!
Ciao,

Stefano

Locked Post

New comments cannot be posted to this locked post.

Locked on Jul 14 2017

Added on Jun 15 2017

#apex-discussions

1 comment

1,809 views