How to enable CORS in OrientDb server-config.xml

2
votes

Am using OrientDb database, I have setup Orientdb server in my system, OrientDb has exposed Http Api's. So am trying to call API http://localhost:2480/query/test2/sql/select * from OUser , From javascript using AJAX call, I have set headers 

Accept : "application/json;charset=utf-8",  
"Access-Control-Allow-Origin":"*",  
'Access-Control-Allow-Methods': 'POST, GET, DELETE, HEAD, OPTION',  
'Access-Control-Allow-Headers': 'Origin, x-requested-with, content-type,  accept',  
'Access-Control-Allow-Credentials': true

And also I enabled CROS in orientdb-server-config.xml

  1. parameter name="network.http.additionalResponseHeaders" value="Access-Control-Allow-Origin:*;Access-Control-Allow-Credentials: true;Access-Control-Allow-Headers: Origin, x-requested-with, content-type, accept;Access-Control-Allow-Methods: POST, GET, DELETE, HEAD, OPTION"
  2. parameter value="utf-8" name="network.http.charset"

Still am getting

Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.

How to enable CORS in OrientDb server?

1
javascriptcross-domainorientdbsame-origin-policy

1 Answers

0
votes

Access-Control-Allow-* are response headers, not request headers. They are used so the server can give your JS permission to read its data (not so that your JS can give itself permission to read the server's data).

You are setting them as custom request headers (in your JavaScript).

The CORS spec requires that you have explicit permission to set custom request headers, and you don't have permission from the server to set those (and why would you? They are nonsense.).

Don't set them in the JS.