Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Appendix A Advanced Topics : Support for Cross-Origin Requests

Support for Cross-Origin Requests
When you set up a REST server where the REST Dispatch and Reply activity is located, and set up another web application server containing all the web components, such as HTML, CSS, and JavaScript, a cross-origin request is initiated when you use a browser visiting the web application server to call RESTful web services exposed by the REST server.
This section specifies several rules that apply to the REST Dispatch and Reply activity when handling cross-origin requests.
Ordinary Requests
The REST Dispatch and Reply activity handles cross-origin requests according to the following rules:
The Value of the origin parameter in the request header maps to the value of the Access-Control-Allow-Origin parameter in the response header.
The value of the Access-Control-Allow-Methods parameter is set to OPTIONS, GET, PUT, POST, DELETE, and *.
Preflight Requests
The REST Dispatch and Reply activity handles OPTIONS requests according to the following rules:
The value of the origin parameter in the request header maps to the value of the Access-Control-Allow-Origin parameter in the response header.
The value of the access-control-request-method parameter in the request header maps to the value of the Access-Control-Allow-Methods parameter in the response header.
The value of the access-control-request-headers parameter in the request header maps to the value of the Access-Control-Allow-Headers parameter in the response header.
By default, the value of the Access-Control-Max-Age parameter in the response header is set to 20 days. You can add the same response headers to overwrite default values.
Web browsers have different implementation mechanisms. Normally, the Access-Control-Max-Age parameter is expired before the value set in it.
Potential Failures and Solutions
The REST Dispatch and Reply activity might fail to handle cross-origin requests because of an incorrect activity configuration, difference in the versions of TIBCO ActiveMatrix BusinessWorks and TIBCO Runtime Agent, or use of different browsers.
TIBCO Runtime Agent Versions
The REST Dispatch and Reply activity fails to handle cross-origin requests when using the TIBCO Runtime Agent version 5.7.x or earlier. To handle cross-origin requests TIBCO Runtime Agent 5.8.0 or later is installed.
Different Server Types
When you use the HTTP Receiver activity to receive a HTTP request, if the server uses Tomcat to handle cross-origin requests, an error occurs. Ensure that the server uses HTTP Component to handle cross-origin requests.
There is an exception that the HTTP Receiver activity can handle cross-origin requests, even though the server uses Tomcat. The prerequisite is that you must install TIBCO Runtime Agent 5.9 or above and TIBCO ActiveMatrix BusinessWorks 5.12 or above. Then, add the bw.plugin.http.enableDoOptions=true property to the designer.tra file in the TIBCO_HOME\designer\version_number\bin directory.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved