Integrations and APIs for Service

Get Involved. Join the Conversation.

Topic

    Iain McKay
    Any tips for succesfull CORS implementation ?
    Topic posted December 11, 2014 by Iain McKaySilver Medal: 2,000+ Points 
    583 Views, 3 Comments
    Title:
    Any tips for succesfull CORS implementation ?
    Content:

    I'm trying to investigate and implement both a REST service (and hitting problems even when using 3rd party libraries such as "codeigniter-restserver" due to the differences in the RightNow CodeIgniter customisations) and separately to perform cross-site scripting with CORS rather than JSONP (which I've got working perfectly well at present).

    So putting aside the REST issues, I'm looking for tips on how to implement CORS in a Custom Controller. i.e.something like:

            $this->output->set_header("Access-Control-Allow-Origin: *");
            $this->output->set_header('Access-Control-Allow-Credentials: true');    
            $this->output->set_header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
            

            // Access-Control headers are received during OPTIONS requests
            if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
              $this->output->set_header("Access-Control-Allow-Headers: X-API-KEY");
            }

    Any tips are very much appreciated.

    Regards,

    Iain.

     

     

    Comment

     

    • Rajan Davis

      If you put header("Access-Control-Allow-Origin: *"); on the top of your controller page before ANY PHP code, it should work. I will note, this will only work while in production and this is basically allowing all sites to use your controller. I am working on creating a customized REST API as the one that is out of the box is pretty crappy; you can see the attached PHP script for a working example.

    • Sascha Wendt

      hey everyone,

      i've tried to create my own controller using CORS to access data from another website. But it fails for some reason after i deploy the file. When i access the controller in development mode it's working but after deployment i will get an HTTP ERROR 500.. 

      do you have any idea?

      <?php
      namespace Custom\Controllers;
       
      header("Access-Control-Allow-Origin: *");
       
      // Find our position in the file tree
      require_once(get_cfg_var('doc_root')
       
      /************* Agent Authentication ***************/
                              
      '/include/ConnectPHP/Connect_init.phph' );
      initConnectAPI();
                              
      /************* End agent authentication ***********/
                                                      
      // Set up versioned namespace for Connect PHP API                       
      use RightNow\Connect\v1_3 as RNCPHP;
                              
      //----------- Ready to proceed with script --------//
       
      class auth extends \RightNow\Controllers\Base
      {
          //This is the constructor for the custom controller. Do not modify anything within
          //this function.
          function __construct()
          {
              parent::__construct();
          }
        
          function current_user () {
              header("Content-Type: application/json;charset=utf-8");
              $data = get_instance()->session->getProfile(true);
              echo json_encode($data);
          }
      }
      ?>

       

    • Rajan Davis
      Sascha said:

      hey everyone,

      i've tried to create my own controller using CORS to access data from another website. But it fails for some reason after i deploy the file. When i access the controller in development mode it's working but after deployment i will get an HTTP ERROR 500.. 

      do you have any idea?

      <?php
      namespace Custom\Controllers;
       
      header("Access-Control-Allow-Origin: *");
       
      // Find our position in the file tree
      require_once(get_cfg_var('doc_root')
       
      /************* Agent Authentication ***************/
                              
      '/include/ConnectPHP/Connect_init.phph' );
      initConnectAPI();
                              
      /************* End agent authentication ***********/
                                                      
      // Set up versioned namespace for Connect PHP API                       
      use RightNow\Connect\v1_3 as RNCPHP;
                              
      //----------- Ready to proceed with script --------//
       
      class auth extends \RightNow\Controllers\Base
      {
          //This is the constructor for the custom controller. Do not modify anything within
          //this function.
          function __construct()
          {
              parent::__construct();
          }
        
          function current_user () {
              try{
                  header("Content-Type: application/json;charset=utf-8");
                  $data = $this->session->getProfile();
                  // $data = get_instance()->session->getProfile(true);
              }catch(Exception $e){
                  $data = $e->getMessage();
              }
              echo json_encode($data);
          }
      }
      ?>

       

      View original

      I would wrap a try/catch block around the code in the current_user method; I modified the code above, this should at least tell you where your code is failing.

      If you are trying to retrieve session data from the site, if I am not mistaken, this data is set through a https cookie. What this means is that you cannot pull the session data across sites despite allowing for CORS.

      I am not 100% certain you can do sessions across domains; I think most of what is happening for the logging in occurs in files that you cannot access or modify...

      Rajan