Project

General

Profile

Cross-Origin issue creation

Added by Herberts Markuns over 7 years ago

Hi,
I'm having trouble with Redmine API. What I'm trying to do is create an issue as an anonymous user, from a different origin, from a web browser.
Is that possible?
I'm getting 404 errors, when POSTing, which shows up as OPTIONS request method through browser network inspector. GET method works however - returns all issues of the public project.
I have set to allow anonymous users to create issues on this public project.

Console logging the following errors:

OPTIONS ..issues.json 404 (Not Found)
XMLHttpRequest cannot load ..issues.json. Response for preflight has invalid HTTP status code 404

Story:
I have created a project for users who use one of our products to submit feedback, anonymously. On one of these products, there is a "feedback" button, that allows users to submit feedback, without directly accessing the feedback site.
This button should create an issue in Redmine with user input. The user is submitting feedback from "userproduct.com" domain, to "ourredmineinstance.com".
To access "ourredmineinstance.com" you need a certificate, which the user has, and which the browser requests user to specify when calling Redmine API from "userproduct.com" (already works).

We're using Redmine in a Docker container, based on sameersbn/redmine docker image, based on Ubuntu 14.04.

Environment:
  Redmine version                3.2.0.stable
  Ruby version                   2.1.8-p440 (2015-12-16) [x86_64-linux-gnu]
  Rails version                  4.2.5
  Environment                    production
  Database adapter               PostgreSQL
SCM:
  Subversion                     1.8.8
  Darcs                          2.8.4
  Mercurial                      2.8.2
  Cvs                            1.12.13
  Bazaar                         2.7.0
  Git                            2.7.2
  Filesystem
Redmine plugins:
  redmine_agile                  1.4.0
  redmine_people                 1.2.0


Replies (1)

RE: Cross-Origin issue creation - Added by Herberts Markuns over 7 years ago

Issue resolved!
acosonic from IRC channel, directed me to an article about allowing these kind of requests in apache tomcat (which is used as gateway between client and redmine in our case).

Had to add the fallowing to my apache configuration to make it work:

# Always set these headers.
Header always set Access-Control-Allow-Origin "*" 
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" 
Header always set Access-Control-Max-Age "1000" 
Header always set Access-Control-Allow-Headers "Content-Type, authorization" 

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

Credit to Benjamin Horn, you can find his article on his website, if you google "setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through".

    (1-1/1)