Unable to set Access-Control-Allow-Credentials using server.json

Hi,

I shifted from a Windows machine to a Mac with an Intel chip and figured that it’s better to use CommandBox’s ad hoc server for development purposes.

The ColdFusion ColdBox API needs to enable “Access-Control-Allow-Credentials” to “true”; however, I am unable to set it in the server.json file using rules.

I have tried the following code in the rules section of server.json:

    "set(attribute='%{o.Access-Control-Allow-Credentials}', value='true')",
    "set(attribute='%{o.Access-Control-Allow-Credentials}')",
    "header('Access-Control-Allow-Credentials', 'true'",

Here is the server.json file which I am using.

    {
        "name":"api",
        "app":{
            "cfengine":"adobe@2018.0.14+330003"
        },
        "web":{
            "host":"localv5.com",
            "http":{
                "port":"1025"
            },
            "rewrites":{
                "enable":"true"
            },
            "rules":[
                "set(attribute='%{o,Access-Control-Allow-Origin}', value='http://localv5.com:4200')",
                "set(attribute='%{o,Access-Control-Allow-Methods}', value='GET, POST, HEAD, OPTIONS')",
                "set(attribute='%{o.Access-Control-Allow-Credentials}', value='true')",
                "set(attribute='%{o,Access-Control-Allow-Headers}', value='Authorization')"
            ]
        }
    }

Here is the error as seen from the browser console.
Credentials flag is true, but Access-Control-Allow-Credentials is not “true”.

Let me know what can be done to allow the credentials in response header or share any doc that can be followed.

Any help would be appreciated.

Which headers do you see in your browser's debugging?

Hi @bdw429s,

I see the other headers that I have set. The Access-Control-Allow-Credentials is missing and thereby it’s giving an error in the UI side as it uses with credentials so that the cookie from the API can be set.

    Access-Control-Allow-Headers: Authorization, BAuthorization
    Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
    Access-Control-Allow-Origin: http://localv5.com:4200
    Connection: keep-alive
    Content-Type: application/json;charset=utf-8
    Date: Mon, 23 May 2022 14:32:27 GMT
    Set-Cookie:
Also @bdw429s if I use

            "set(attribute='%{o.Access-Control-Allow-Credentials}', value='true')",

I am getting error in console as follows:-

    io.undertow.request: UT005071: Undertow request failed HttpServerExchange{ GET /companyusers/}
    io.undertow.attribute.ReadOnlyAttributeException: UT000055: Could not set attribute constant to true as it is read only
    at io.undertow.attribute.ConstantExchangeAttribute.writeAttribute(ConstantExchangeAttribute.java:43) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.handlers.SetAttributeHandler.handleRequest(SetAttributeHandler.java:117) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.handlers.SetAttributeHandler.handleRequest(SetAttributeHandler.java:119) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.handlers.SetAttributeHandler.handleRequest(SetAttributeHandler.java:119) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113) ~[runwar-4.7.4.jar:4.7.4]
    at runwar.LifecyleHandler.handleRequest(LifecyleHandler.java:62) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.handlers.encoding.EncodingHandler.handleRequest(EncodingHandler.java:72) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.protocol.http2.Http2UpgradeHandler.handleRequest(Http2UpgradeHandler.java:102) ~[runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387) [runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:256) [runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136) [runwar-4.7.4.jar:4.7.4]
    at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:59) [runwar-4.7.4.jar:4.7.4]
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [runwar-4.7.4.jar:4.7.4]
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [runwar-4.7.4.jar:4.7.4]
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [runwar-4.7.4.jar:4.7.4]
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) [runwar-4.7.4.jar:4.7.4]

It looks like you have a typo. I see a period (.) instead of a comma (,) in your server rule after the “o”.
Can you please try changing

    "set(attribute='%{o.Access-Control-Allow-Credentials}', value='true')",

to this

    "set(attribute='%{o,Access-Control-Allow-Credentials}', value='true')",

@bdw429s
Thanks it works now!
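
A small lint for the typo diagnosed in this thread, as an added example that is not part of the original posts or of CommandBox: it scans the `rules` array of a server.json for `set(attribute=...)` rules whose `%{o,Header}` attribute uses a separator other than a comma, and reports whether `Access-Control-Allow-Credentials` would actually be set to `true`. The function name `lint_rules`, the regexes and the embedded sample (built from the rules in the question) are assumptions of this example.

```python
import json
import re

# Constructed sample: the "rules" array from the question, typo included.
SERVER_JSON = """{"web": {"rules": [
  "set(attribute='%{o,Access-Control-Allow-Origin}', value='http://localv5.com:4200')",
  "set(attribute='%{o,Access-Control-Allow-Methods}', value='GET, POST, HEAD, OPTIONS')",
  "set(attribute='%{o.Access-Control-Allow-Credentials}', value='true')",
  "set(attribute='%{o,Access-Control-Allow-Headers}', value='Authorization')"
]}}"""

# Hypothetical helper patterns for this example, not CommandBox's own parser.
SET_RULE = re.compile(r"set\(\s*attribute='(?P<attr>[^']*)'\s*,\s*value='(?P<value>[^']*)'\s*\)")
RESPONSE_HEADER = re.compile(r"%\{o,(?P<name>[^}]+)\}$")
# Heuristic: a one-letter prefix followed by a separator that is not a comma.
SUSPECT = re.compile(r"%\{(?P<prefix>[a-zA-Z])(?P<sep>[^,a-zA-Z}])(?P<name>[^}]+)\}$")


def lint_rules(server_json):
    """Return (response headers that will be set, findings) for web.rules."""
    rules = json.loads(server_json).get("web", {}).get("rules", [])
    headers, findings = {}, []
    for index, rule in enumerate(rules):
        match = SET_RULE.search(rule)
        if not match:
            continue  # not a set(attribute=..., value=...) rule
        attr = match["attr"]
        header = RESPONSE_HEADER.match(attr)
        suspect = SUSPECT.match(attr)
        if header:
            headers[header["name"]] = match["value"]
        elif suspect:
            # Suggest the comma form that the accepted answer uses.
            fixed = "%{" + suspect["prefix"] + "," + suspect["name"] + "}"
            findings.append((index, attr, fixed))
    # The browser error in the thread requires this header to be exactly "true".
    if headers.get("Access-Control-Allow-Credentials") != "true":
        findings.append((None, "Access-Control-Allow-Credentials", "not set to 'true'"))
    return headers, findings


if __name__ == "__main__":
    headers, findings = lint_rules(SERVER_JSON)
    for finding in findings:
        print(finding)
```

Each finding is a tuple of rule index, the attribute as written, and the suggested comma form; the final entry flags that the credentials header is missing from the effective response headers.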
