Cross Domain issue

Warburton_Stephen · June 20, 2022, 3:50pm

Hi guys,

I have modified the sample application TMAWeb_SimpleService return a list of json filenames from my webservice. Which has

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
begin
    Response.SetCustomHeader('Access-Control-Allow-Origin','*');
end;

procedure TForm1.WebButton1Click(Sender: TObject);
begin
 // WebHttpRequest1.URL := 'https://download.tmssoftware.com/tmsweb/music.json';
  WebHttpRequest1.URL := 'http://92.27.68.65:7777/getRockVideos';


  WebHttpRequest1.Execute();
end;

procedure TForm1.WebHttpRequest1RequestResponse(Sender: TObject;
  ARequest: TJSXMLHttpRequestRecord; AResponse: string);
      var
        js: TJSON;
        ja: TJSONArray;
        jo: TJSONObject;
        i: integer;
      begin
        js := TJSON.Create;

        try
          ja := TJSONArray(js.Parse(AResponse));

          ShowMessage('Retrieved items:' +AResponse);

          for i := 0 to ja.Count - 1 do
          begin
            jo := TJSONObject(ja.Items[i]);
            WebListBox1.Items.Add(jo.GetJSONValue('videoName'));
          end;
        finally
          js.Free;
        end;
      end ;



end.

This work fine in the sample application.
When I add this code to my application I get a cross domain access error.

rocksTruck.html:1 Access to XMLHttpRequest at 'http://92.27.68.65/getRockVideos' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can't see any setting in the sample application that solves the issue.

brunofierens · June 20, 2022, 7:15pm

Try to clear WebHttpRequest.Headers
and/or
Check this FAQ:
This means the REST API resource is not enabled for CORS.
Solve this by putting this JSON resource in the same domain as your web app or enable CORS on the backend. (This will depend on the type of backend you use).

For a background on CORS, please see:

For enabling CORS for XData this is explained in detail here:

Warburton_Stephen · June 20, 2022, 8:34pm

Hi Bruno

New to this. How do I clear the headers?

Why does the TMS sample application work and mine doesn’t with the same code ?

brunofierens · June 20, 2022, 8:42pm

webhttprequest.Headers.Clear
did you read up on CORS?

Warburton_Stephen · June 21, 2022, 8:46am

Hi Bruno,

I have this enabled on my webService using Delphi & TWebModule

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
begin
    Response.SetCustomHeader('Access-Control-Allow-Origin','*');
end;

So as far as I understand this allows CORs and nothing is needed on the client end.

In my TMSWeb app I use

  WebHttpRequest1.Headers.Clear;
  WebHttpRequest1.URL := 'http://92.27.68.65/getRockVideos';
  WebHttpRequest1.Execute();

But I still get the cross domain error in my app but not the TMS TMAWeb_SimpleService app.

I am accessing the same webservice from a mobile Delphi app ( ie different IP's) and don't have any issues.
What am I not understanding here please ?

Warburton_Stephen · June 21, 2022, 9:44am

Please see the screen grab showing the problem

brunofierens · June 21, 2022, 9:57am

When I test this from here, I get a connection timeout.

Warburton_Stephen · June 21, 2022, 10:19am

I've noticed the errors. Late nights and brain drain with CSS etc etc.
My app was missing the port (7777) in my app and I was using the wrong OnRequestResponse on the second call.

Cheers for the help so far.