How to set response headers

[dgregory46]

I am developing a YAJL driven web service that will produce JSON data to a web application. I'm getting cross-origin errors and would like to return a header that allows access. I have not been able to find any documentation on how to do this. It looks like yajl_writeStdout() automatically includes headers in its output stream, but I don't know how to control the headers it sends.

Can anybody point me in the right direction?

Thanks

[jonboy49]

Not a topic I am (yet) familiar with but I found this useful as an introduction. https://remainsoftware.com/blog/cors-ex ... rogrammers

Scott will know for sure but I suspect that using yajl_writeStdout() will not cut it as it requires a two-stage operation.

[Scott Klement]

yajl_writeStdout is pretty simplistic -- and doesn't have code to allow you to customize the headers.

I could consider adding that if enough people are interested -- but you are the first one that's ever asked for it.

You could, of course, use yajl_copyBufStr() or similar to get the JSON data into your own program, and then call QtmhWrStout() yourself, and add the appropriate headers yourself. From my perspective, this would be a very easy solution -- but, of course, I've done it thousands of times

It's also possible to code the headers in the Apache config instead of adding them in your program. For example, you could add the following to your httpd.conf:

Code: Select all

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept"

It can be placed inside of a <Location>, <Directory>, <FilesMatch>, etc container if you want to limit which programs/urls send the extra headers. I suspect this is what most people do.

[dgregory46]

Thanks for your reply Scott. The yajl_copyBufStr() technique is the one I finally settled on. It seems to be working fine from the RPG side, but for some reason the browser is not recognizing my 'Access-Control-Allow-Origin: *' header. I have checked to make sure there is a blank line after my last header and the beginning of the JSON data. But I'm still getting the CORS error. Here is my exact response:

Code: Select all

Content-type: application/json
Access-Control-Allow-Origin: *

{
    "ping": "ping"
}

[dgregory46]

I'm still stumped. My rpg program is writing out:

Content-type: application/json
Access-Control-Allow-Origin: *

{
"ping": "ping"
}

When I request it from the browser, I get a 500 error with the message:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
...
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 500.

As you can see, the headers are there in the output, but for some reason the browser is not recognizing them.

I suspect that since I am looking at the raw output on the AS/400 and the browser is running on Windows, that it might be a codepage problem. I've tried different combinations of codepage translation but most of them produce garbage characters.

I am translating my headers using dcl-s with the CCSID keyword, and using yajl-copyBufStr() to dump the object structure to a string and writing them both using QtmhWrStout(). Which CCSID(s) should I be using?

I am using this page to develop a technique basis for building a company wide intranet single page app. I want to get this "Hello World" request correct before I start cloning it on a few dozen other pages.

[Scott Klement]

Which CCSID you use will depend on your Apache configuration.

I don't remember about the headers... its possible that they must always be in EBCDIC, whereas the data depends on the Apache config? Not totally sure. You'll have to look it up in the IBM manual.

Or just add the directives so that Apache adds the headers for you -- I gave the config options in a previous message in this thread. Have you tried this option?

[jarhead0311]

I'm still stumped. My rpg program is writing out:

Content-type: application/json
Access-Control-Allow-Origin: *

{
"ping": "ping"
}

When I request it from the browser, I get a 500 error with the message:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
...
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 500.

As you can see, the headers are there in the output, but for some reason the browser is not recognizing them.

I suspect that since I am looking at the raw output on the AS/400 and the browser is running on Windows, that it might be a codepage problem. I've tried different combinations of codepage translation but most of them produce garbage characters.

I am translating my headers using dcl-s with the CCSID keyword, and using yajl-copyBufStr() to dump the object structure to a string and writing them both using QtmhWrStout(). Which CCSID(s) should I be using?

I am using this page to develop a technique basis for building a company wide intranet single page app. I want to get this "Hello World" request correct before I start cloning it on a few dozen other pages.

Hi Gregory. Did you ever get this working? I'm running into the same issue. I have a JSON that I'm trying to return as well, but get nothing but garbage. I'm new to this, so it's pretty frustrating. I'm assuming it has something to do with the CCSID, but not sure which to use. I'm not doing the cross-origin thing, not even sure what that does! Lol

Any suggestions would be appreciated.