Cross Origin Resource Sharing (CORS) in OSB

So you’ve followed Oracle’s lead and started implementing REST services in Oracle Service Bus. But you very quickly run into a problem: how do you get your web pages to access these services via Ajax when they are hosted on different domains (or ports)? This is generally forbidden in most browsers, as it violates the ‘same origin policy’ (i.e. you can only access resources in the same domain as you). The most common recommendation to resolve this issue is to enable CORS (Cross Origin Resource Sharing). Basically you just set a header in the response from the remote service that lists the domains that are allowed to request this resource. If the web page is in that list, the browser will allow the resource to be accessed.

Getting this to work in OSB is actually pretty easy and will mean that your OSB services don’t have to be on the same domain as your web pages. Read on to find out how.

To enable CORS we just have to set the ‘Access-Control-Allow-Origin’ header in our response. To do this, simply add a ‘Transport Header’ component to the response branch of your routing section.

1. Transport

Click the Transport Header and, in the properties window, click the ‘+’ button to add a new header. Name it ‘Access-Control-Allow-Origin’ (it’s not in the list, but OSB will let you set a custom name) and set the value to ‘*’.

2. Header Details

Note: You should probably set the value to a list of the actual domains that you want to allow, otherwise any system will be allowed to access the resource.

With that you can now access your REST service from a web page running on another domain.
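The note above recommends restricting the header to the origins you actually trust. Browsers accept either ‘*’ or one origin in a response’s Access-Control-Allow-Origin, so a common way to support several is to compare the request’s Origin header against an allowlist and echo it back only on an exact match. The JavaScript below is an added example of that decision and of the browser-side comparison, not OSB configuration or code from the original post; the function names and sample origins are assumptions.

```javascript
// Added example: allowlist-based selection of Access-Control-Allow-Origin.
// The origins below are constructed sample values, not from the original post.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:8080",
]);

// Accept only a well-formed serialized origin (scheme://host[:port]).
// Returns the origin string, or null for anything malformed.
function normaliseOrigin(value) {
  if (typeof value !== "string") return null;
  try {
    const u = new URL(value);
    // A path, query, trailing slash or opaque "null" origin fails this check.
    return u.origin === value ? u.origin : null;
  } catch (e) {
    return null; // not parseable as a URL at all
  }
}

// Server side: headers to add to the response for a given request Origin.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  const origin = normaliseOrigin(requestOrigin);
  // Exact match only: prefix or suffix matching would admit look-alike hosts.
  if (origin === null || !allowed.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    // Tell caches that the response differs per requesting origin.
    "Vary": "Origin",
  };
}

// Browser side (simplified, requests without credentials): may a script
// running on pageOrigin read this cross-origin response?
// For requests sent with credentials, browsers do not accept "*".
function browserAllowsRead(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}
```

In OSB the same decision would sit in the response pipeline, with the Transport Header value taken from the result of the allowlist check instead of the fixed ‘*’.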
