Have you ever created an HTTP data request only to get hit by a red “access to HTML request has been blocked by cors policy” error?
When your site is on the same domain as the web service server, there’s no problem. However, this isn’t the case when performing a cross-origin request. Access is denied due to browser security preventing HTTP requests to another domain. The result? A CORS policy error.
To help you explicitly allow certain cross-origin requests on your server, 4D now supports the CORS protocol. Accessing data with cross-origin requests just became easier!
The CORS protocol prevents web pages from being able to make requests to domains other than its own. But sometimes, you may need to allow other sites to make HTTP data requests to your server. Fortunately, 4D provides two ways to define the CORS rules and explicitly allow certain cross-origin requests:
- via programming, or
- through database settings.
manage cors via programming
You can enable CORS with two commands:
//CORS Domains Settings
$settings:=New collection
$settings.push(New object("host";"127.0.0.1:8888";"methods";"get;put;post"))
$settings.push(New object("host";"https://blog.4d.com/";"methods";"get;post"))
//enable CORS
WEB SET OPTION(Web CORS enabled;1)
//CORS Domains Settings
WEB SET OPTION(Web CORS settings;$settings)
//start web server to apply CORS settings
WEB START SERVER
$hostWS:=WEB Server(Web host database server)
$setting:=New object
//Enable CORS
$setting.CORSEnabled:=True
//CORS Domains Settings
$setting.CORSSettings:=New collection
$setting.CORSSettings.push(New object("host";"127.0.0.1:8888";"methods";"get;put;post"))
$setting.CORSSettings.push(New object("host";"https://blog.4d.com/"; "methods";"get;post"))
//start web server and apply CORS settings
$hostWS.start($setting)
manage CORS through database settings
New settings are available in the Settings > Web > Options (II) tab:
Just add the allowed domain names and available methods. When the server is next started, they’ll be used automatically.