logo
Welcome Guest! To enable all features, please Login or Register.

Notification

Icon
Error

FAQ: Leadtools REST Services - Cross Site / Cross Domain Scripting Errors and Restrictions

Options
View
Last Go to last post Unread Go to first unread post
Previous Topic Next Topic
#1 Posted : Wednesday, August 21, 2013 8:00:41 AM(UTC)

JamesD  
Guest

Groups: Guests
Posts: 3,022

Was thanked: 2 time(s) in 2 post(s)

After you've setup the Leadtools REST Services using our configuration demo at
C:\LEADTOOLS 18\Bin\Dotnet4\x64\LeadtoolsServicesHostManager_Original.exe

and confirmed that they are running correctly by clicking the "Test All" button on the Status tab, you should be able to make calls to the local services from any web page that is hosted on the same domain and port number as the REST Services (http://localhost in most cases). Navigating to this URL for example, should return JSON data related to the specified PDF:
http://localhost/LEADTOOLSRESTServicesHost/Raster.svc/Info?uri=http://demo.leadtools.com/images/pdf/leadtools.pdf

Should you need to call the REST services from an application running on a different IP/port (for example a self hosted ASP.NET application running in Cassini), you will be unable to access the services due to Cross-Site Scripting restrictions.

A sample error message would look like this if you're using Chrome to debug (from the Javascript Console):
XMLHttpRequest cannot load http://localhost/LEADTOOLSRESTServicesHost/Raster.svc....
Origin http://localhost:1468 is not allowed by Access-Control-Allow-Origin

For more information about why this restriction exists, please see this page:
https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

To workaround this restriction, you will need to modify the Web.config file, which is located by default at:
C:\LEADTOOLS 18\Examples\REST\RESTServicesHost\Web.config

In the Web.config file, add the following XML inside the "Configuration" node:
<system.webserver>
<httpprotocol>
<customheaders>
<add name="Access-Control-Allow-Origin" value="*">
</add></customheaders>
</httpprotocol>
</system.webserver>
This configuration will allow you to access the services from
any domain and port number. If you want to restrict access to a specific
IP and Port, you can specify that in the "value" attribute of the "add"
element.

A copy of the modified Web.config file can be found in the attached zip file in the directory Modified-Rest-Host-Config-Web-Config. The zip file also contains a test project, that makes a sample call to our REST services from a different Port number, and detects if it completed successfully.

CAUTION: This Web.config should be used for testing only. Using it in production is not recommended for security reasons.

File Attachment(s):
CrossSiteScriptingTestProject.zip (55kb) downloaded 44 time(s).

Edited by moderator Sunday, November 13, 2016 11:18:33 AM(UTC)  | Reason: Not specified

 

Try the latest version of LEADTOOLS for free for 60 days by downloading the evaluation: https://www.leadtools.com/downloads

Wanna join the discussion? Login to your LEADTOOLS Support accountor Register a new forum account.
Back to top  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.055 seconds.