  • Scott Andersen
    • Features: JasperReports Server Version: v7.8, v7.8.0 Product: JasperReports® Server

    Traditionally, websites were restricted to accessing resources from the same origin (an origin is the combination of protocol, domain, and port) by what is called the same-origin policy, or SOP. This policy was put in place to prevent cross-domain attacks such as Cross-Site Request Forgery (CSRF). CORS is a relaxation of the same-origin policy that allows a request from one domain to access a resource from another domain. More details on CORS can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

    This article applies to version 7.8.0 and later. For 7.5.1 and earlier, see the article "CORS configuration for JRS 7.5.1 and earlier versions only" (it also has tests useful for all versions).
    Before v7.8, TIBCO JasperReports® Server used easyXDM (a third-party library for bypassing the same-origin policy) so that it could be accessed from Visualize.js. easyXDM exposes an RPC instance that can be used to generate requests, as shown below:
    // Create the RPC proxy to the /cors/ endpoint on the other domain.
    var xhr = new easyXDM.Rpc({
        remote: "http://other.domain/cors/"
    }, {
        remote: {
            request: {} // request is exposed by /cors/
        }
    });

    // Send a cross-domain request through the proxy created above.
    xhr.request({
        url: "pathRelativeToRemote/getrest/",
        method: "POST",
        data: {foo:"bar"}
    }, function(response) {
        alert(response.status);
        alert(response.data);
    });

    With the CORS implementation, the dependency on easyXDM has been removed. JasperReports® Server can now be accessed from a different domain using Visualize.js once the whitelist described below is configured.

    CORS is implemented using a filter whose bean declaration can be found in the "applicationContext-security-pro-web.xml" file. The properties allowedHeaders, allowedMethods, maxAge, and allowCredentials are preconfigured and do not need to be changed. The domainWhitelist property specifies the list of domains that are allowed to access the server using Visualize.js.

    To configure the cross-domain whitelist:

    1. Log in as system administrator (superuser).

    2. Select Manage > Server Settings, then Server Attributes.

    3. The server attribute named domainWhitelist contains a regular expression that matches allowed domains. Set it as follows:

      1. When your Visualize.js web app is on another domain, such as in this example, create a regular expression to match the protocol, domain name and port numbers. You can also match multiple subdomains or several port numbers as in this example:

        domainWhitelist = http://*.myexample.com:80\d0

        The server translates this simplified expression into the proper regular expression ^http://.*\.myexample\.com:80\d0$. If you want to avoid the translation, put ^ $ around your value.

      2. When your Visualize.js web app is on the same domain as your JasperReports Server, set the value to <blank> (no value) so that no other domain has access:

        domainWhitelist = <blank>
        

    More details on the domainWhitelist can be found in the JasperReports Server Security Guide, section 4.2.1, "Setting the Cross-Domain Whitelist".

    Because CORS is based on the same concept of allowing only certain domains to access a resource, the domains listed in the domainWhitelist property are used by CORS for the allowed-origin property.
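
    Added example (not from the original article and not JasperReports Server code): a JavaScript check that applies the translation described above to a whitelist value and tests constructed Origin values against it. The translation rule is an assumption inferred from the article's single example (literal dots escaped, `*` expanded to `.*`, `\d` kept as a digit class); the function names and sample origins are hypothetical.

```javascript
// Added example. The translation rule is an assumption inferred from the
// article's example; it is not JasperReports Server source code.
function translateWhitelist(value) {
  const v = value.trim();
  if (v === "") return null;                           // <blank>: no other domain has access
  if (v.startsWith("^") && v.endsWith("$")) return v;  // anchored: used as written
  // Escape literal dots first, then expand "*" so its "." stays a wildcard.
  return "^" + v.replace(/\./g, "\\.").replace(/\*/g, ".*") + "$";
}

// True when an Origin header value matches the whitelist expression.
function originAllowed(value, origin) {
  const pattern = translateWhitelist(value);
  return pattern !== null && new RegExp(pattern).test(origin);
}

// Constructed Origin values for checking a whitelist before saving it.
const SAMPLE_ORIGINS = [
  "http://app.myexample.com:8080",   // subdomain, port fits 80\d0
  "http://a.b.myexample.com:8000",   // nested subdomain, port fits 80\d0
  "https://app.myexample.com:8080",  // scheme differs
  "http://app.myexample.com:8100",   // port does not fit 80\d0
  "http://app.myexample.com",        // default port, so no ":80\d0" suffix
  "http://myexample.com:8080",       // no subdomain before ".myexample.com"
  "http://appmyexample.com:8080",    // look-alike host on a different domain
];

function allowedOrigins(value) {
  return SAMPLE_ORIGINS.filter((origin) => originAllowed(value, origin));
}

// Sample whitelist values (constructed, modelled on the article's example).
const DOCUMENTED = "http://*.myexample.com:80\\d0";
// Hand-anchored value whose dots were left unescaped: no translation applies.
const HAND_ANCHORED = "^http://.*.myexample.com:80\\d0$";

for (const value of [DOCUMENTED, HAND_ANCHORED, ""]) {
  console.log(JSON.stringify(value), "=>", translateWhitelist(value));
  for (const origin of allowedOrigins(value)) console.log("  allowed:", origin);
}
```

    A value wrapped in ^ $ skips the translation, so its dots must be escaped by hand; otherwise the look-alike host in the sample list is accepted as an allowed origin.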

     


    Troubleshooting

    The following articles help: Troubleshooting CORS issues in Visualize.js and CORS error in JasperReports Server 7.8.0 (and later).


    User Feedback

    Recommended Comments

    We recently migrated to 7.9 from 7.5. We use Visualize.js to render the reports and also use token-based authentication.

    The above solution did not resolve the issue and we are still getting a CORS error.


    CORS errors are generated by browsers with the aim of protecting users; this is unrelated to how you authenticate with Jaspersoft.

    Please refer to the security guide at https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v780/configuring-csrf-protection
    Thank you for submitting a case through the TIBCO Support portal; we are working on it and we will get back to you very quickly.
