Please
Earlier, websites were restricted to access resources from the same origin (Origin is a combination of protocol, domain, and port) by what is called a same-origin policy or SOP. This policy existed to avoid cross-domain attacks such as Cross-Site Request Forgery (CSRF). CORS is a relaxation of the same-origin policy that allows a request from one domain to access a resource from another domain. More details on CORS can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
var cdm = new easyXDM.Rpc({ remote: "http://other.domain/cors/" }, { remote: { request: {} // request is exposed by /cors/ } }); xhr.request({ url: "pathRelativeToRemote/getrest/", method: "POST", data: {foo:"bar"} }, function(response) { alert(response.status); alert(response.data); });
Now, with CORS implementation, dependency of easyXDM has been removed which enables JasperReports® Server to be accessed from a different domain using Visualize with configuration.
CORS is implemented using a filter whose bean declaration can be found in the "applicationContext-security-pro-web.xml " file. The properties allowedHeaders, allowedMethods, maxAge, allowCredentials are configured and do not need a change. The domainWhitelist property specifies a list of domains that are allowed to be accessed using Visualize.
To configure the cross-domain whitelist:
Login as system administrator (superuser).
Select Manage > Server Settings then Server Attributes.
The server attribute named domainWhitelist contains a regular expression that matches allowed domains. Set it as follows
When your Visualize.js web app is on another domain, such as in this example, create a regular expression to match the protocol, domain name and port numbers. You can also match multiple subdomains or several port numbers as in this example:
domainWhitelist = http://*.myexample.com:80d0
The server translates this simplified expression into the proper regular expression ^http://.*.myexample.com:80d0$. If you want to avoid the translation, put ^ $ around your value.
When your Visualize.js web app is on the same domain as your JasperReports Server set the value to <blank> (no value) so that no other domain has access:
domainWhitelist = <blank>
More details on the domainWhitelist can be found in the JasperReports Server Security Guide, section 4.2.1 Setting the Cross-Domain Whitelist.
As CORS is based on a similar concept of allowing only certain domains to access a resource, the domains listed in domainWhitelist property shall be used by CORS for the allowed-origin property.
Troubleshooting
The following articles help: Troubleshooting CORS issues in Visualize.js and CORS error in JasperReports Server 7.8.0 (and later).
Recommended Comments
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now