3
votes

I am developing a datasnap server with REST. When the client trying to use a POST request the browser is trying to execute a OPTIONS request first that my server can't respond. Searching I found that is a browser security issue named CORS (Cross Origin Resource Sharing) because my client is in a different domain than the datasnap server.

What should I do, since data snap does not has a OPTIONS rest request ??

2
The client being in a different domain is not the problem. CORS comes into play when the domains of the server who serves the JavaScript and the server who serves the REST web service are different - mjn
@mjn not only JavaScript but also any ajax xmlhttprequest. CORS is mandatory for any serious RESTful process. If datasnap does not support it, it would be a very serious restriction. - Arnaud Bouchez
Did you try to file a bug report / feature request for DataSnap? - mjn

2 Answers

2
votes

You can set your Datasnap Server to answer to any CORS request on the WebModule BeforeDispatch event.

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
begin
  Response.SetCustomHeader('Access-Control-Allow-Origin','*');        

  if Trim(Request.GetFieldByName('Access-Control-Request-Headers')) <> '' then 
  begin 
    Response.SetCustomHeader('Access-Control-Allow-Headers', Request.GetFieldByName('Access-Control-Request-Headers'));        
    Handled := True;
  end;

  if FServerFunctionInvokerAction <> nil then
    FServerFunctionInvokerAction.Enabled := AllowServerFunctionInvoker;
end;
0
votes

Workaround: use a reverse proxy server for HTTP (Apache HTTP), and configure Apache so that the OPTIONS request will be answered by a different HTTP server. From the outside, the client will not be able to see a difference because all communication is done between client and Apache.