Is it possible to add Origin in the Header of a redirect according to the HTTP protocol?

Asked

Viewed 751 times

7

I am implementing an application where I need to perform a redirect from one server to another and am encountering problems. While performing a redirect, receive the following error message:

Xmlhttprequest cannot load https://servidordeaplicacao.com/endereco. The 'Access-Control-Allow-Origin' header has a value 'http://www.servidorhospedagemcliente.com' that is not Equal to the supplied origin. Origin 'null' is therefore not allowed access.

The flow of my application is as follows:

inserir a descrição da imagem aqui

Follow the detail of the steps:

1º: Client requests a page from browser to server http://www.servidorhospedagemcliente.com/Teste.html

Request Header

GET /Test.html HTTP/1.1

Host: www.servoraccommodationcliente.com

Connection: Keep-Alive

Pragma: no-cache

Cache-Control: no-cache

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) Applewebkit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 Accept-Encoding: gzip, deflate, sdch

Accept-Language: en,en;q=0.8,en-US;q=0.6,en;q=0.4

Response Header

HTTP/1.1 200 OK

Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 Openssl/1.0.1e-Fips mod_bwlimited/1.4

Connection: Keep-Alive Content-Type: text/html

2º O servidorhospedagemcliente executes a ajax requesting an address on servidornodejs

Ajax request made by Test.html

$("#testeAction").click(function() {
    $.ajax({
            success: function() {
                alert('Funcionou Teste Action!');
            },
            error: function() {
                alert('Agora deu ruim.');
            },
            type: 'GET',
                url: 'https://servidornodejs.com/Teste'
    });
});

Request Header

GET /HTTP Test/1.1

Host: servidornodejs.com

Connection: Keep-Alive

Accept: /

Origin: http://www.servidorhospedagemcliente.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) Applewebkit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Referer: http://www.servidorhospedagemcliente.com/Teste.html

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en,en;q=0.8,en-US;q=0.6,en;q=0.4

Response Header

HTTP/1.1 301 Moved Permanently

Server: Cowboy

Connection: Keep-Alive

X-Powered-By: Express

Access-Control-Allow-Origin: http://www.servidorhospedagemcliente.com

Vary: Origin, Accept

Location: https://servidoraplicacao.com/endereco

Content-Type: text/Plain; charset=utf-8

Content-Length

Date: Wed, 06 Jan 2016 18:36:50 GMT

Route: 1.1 vegur

3º O servidornodejs.com upon receiving the request performs a redirect to the servidordeaplicacao

Node JS code

'use strict';

var express = require('express');
var app = express();
var cors = require('cors');
var http = require('http');

app.set('port', (process.env.PORT || 5008));

var corsOptions = {
  origin: 'http://www.servidorhospedagemcliente.com',
  methods: 'GET,POST,PUT,DELETE,OPTIONS'
};

app.get('/Teste', cors(corsOptions), function(req, res, next) {
    res.redirect(301,'https://servidordeaplicacao.com/endereco');
});

app.listen(app.get('port'), function() {
  console.log('Node app is running on port', app.get('port'));
});

Request Header

GET /HTTP Test/1.1

Host: servidornodejs.com

Connection: Keep-Alive

Accept: /

Origin: http://www.servidorhospedagemcliente.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) Applewebkit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Referer: http://www.servidorhospedagemcliente.com/Teste.html

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en,en;q=0.8,en-US;q=0.6,en;q=0.4

Response Header

HTTP/1.1 301 Moved Permanently

Server: Server

Connection: Keep-Alive

X-Powered-By: Express

Access-Control-Allow-Origin: http://www.servidorhospedagemcliente.com

Vary: Origin, Accept

Location: https://servidordeaplicacao.com/endereco

Content-Type: text/Plain; charset=utf-8

4º O servidordeaplicacao received the request and will make a redirect to the servidornodejs be able to redirect to servidorhospedagemcliente to complete the steps 5 and 6. But there is the problem, the error message appears at that time, with the following header:

Node JS code

app.get('/Cliente', cors(corsOptions), function(req, res, next) {
        res.redirect(301,'http://servidorhospedagemcliente.com/ok.html');
});

Java Application Code

public void enviar(HttpServletRequest request, HttpServletResponse response, String id) throws ServletException, IOException {

        try {
                {
                    if (request.getMethod().equals("OPTIONS") || request.getMethod().equals("GET") || request.getMethod().equals("POST")) {
                        response.addHeader("Access-Control-Allow-Origin", "http://www.servidorhospedagemcliente.com");
                        response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
                        response.setHeader("Access-Control-Allow-Headers", "Content-Type");
                    }

                    String url = "https://servidornodejs.com/Cliente";

                    response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
                    response.addHeader("Location", url);
                }
        } catch (Exception e) {
            e.printStackTrace();
            throw new ServletException(e);
        }
    }

Request Header

GET /HTTP address/1.1

Host: room service.com

Connection: Keep-Alive

Accept: /

Origin: null

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) Applewebkit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Referer: http://www.servidorhospedagemcliente.com/Teste.html

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en,en;q=0.8,en-US;q=0.6,en;q=0.4

Response Header

HTTP/1.1 301 Moved Permanently

Connection: close

Date: Wed, 06 Jan 2016 18:36:51 GMT

Content-Type: text/html;charset=utf-8

Access-Control-Allow-Origin: http://www.servidorhospedagemcliente.com

Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS

Access-Control-Allow-Headers: Content-Type

Location: http://www.servidorhospedagemcliente.com/ok.html

Now comes my question, the moment a redirect is executed, it is possible to change Origin HTTP header and can send? In my header it is null, and according to the browser error message, Origin 'null' is therefore not allowed access.. Does anyone have any idea how to solve this problem?

java ajax node.js servlet http-headers
  • 2

    Interesting question +1. Just a curiosity, why redirect? cannot make the Node server make an HTTP request to the Java server and fetch what you need to answer the client via Node?

  • @Sergio I am using redirect because I could not make a request from Node to the Java server. Would you have an example of how to generate a request from Node JS that is easy to understand? I’m starting now with Node and I still don’t have much fluency in this technology, and from the documentation, I still can’t figure out how to do this.

  • 1

    Take a look here: https://github.com/visionmedia/superagent is a mto library used to make ajax server side.

  • I’ll take a look at this bibilioteca. Thank you very much @Sergio!

1 answer

1

First, Origin null is the location of the system file, it suggests that you are loading the HTML that loads via file:/// URL.Different browsers take different measures in such cases. But basically, using Ajax with local features will not work with cross-browser.

Second, your server does not include CORS headers properly,I suggest you take a closer look at the schema of requests that’s already done.

Third, in the part of HTTP/1.1 200 OK means you are not redirecting yet. To redirect you need to send a status code 302.

302 is the code or status that informs about the redirection of a web page or document.

Then try the following : 

response.addHeader("Access-Control-Allow-Origin", "http://www.example.com");

If error occurs in Internet Explorer versions <= 9,see here how to tidy up.

I advise you to take a look at these links here :

http://sebastians-pamphlets.com/the-anatomy-of-http-redirects-301-302-307/

https://github.com/danialfarid/ng-file-upload/issues/188

https://stackoverflow.com/questions/20035101/no-access-control-allow-origin-header-is-present-on-the-requested-resource

https://en.wikipedia.org/wiki/Same-origin_policy

http://blog.modulus.io/node.js-tutorial-how-to-use-request-module

To make a Node request for Java, you can try using tcp sockets to make the communication,look at this link :

https://nodejs.org/api/net.html

And you can also invoke Java code from your Node application using something like Node-java :

https://github.com/joeferner/node-java

Browser other questions tagged java ajax node.js servlet http-headers

You are not signed in. Login or sign up in order to post.