Cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Siemens Genius Siemens Genius
Siemens Genius

We try to support this in the next two months. 

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

Great, thanks for the updates.

I have another issue, can you please check - https://community.plm.automation.siemens.com/t5/Developer-Space/MindSphere-Gateway-returning-403-for...

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Creator
Creator

Do we have a release date for the CORS ability? Have exactly the same issue, because we use a mindsphere CF app as middleware providing an own REST API and another mindsphere CF app providing the UI as static site. My calls also are in the same tenant. My application is not running due to the CORS problem.

 

tenant-myapi-tenant.eu1.mindsphere.io/api/v1/devices:
1 Failed to load resource: the server responded with a status of 403 ()
Failed to load https://tenant-myapi-tenant.eu1.mindsphere.io/api/v1/devices:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'https://tenant-myfrontendapp-tenant.eu1.mindsphere.io' is therefore not allowed access. The response had HTTP status code 403. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Siemens Experimenter Siemens Experimenter
Siemens Experimenter

@MichaelE wrote:

@Dineshb currently this is not possible to call your APIs from outside of MindSphere. We are working on a mechanism that allows you to issue service credentials (technical token) for calling those.


 

1. Is the "technical token" different from the service credentials?

2. Will developers/users be able to self-service tokens/credentials without submitting tickets?

3. What is the timeframe on this, is it still on track for release in a month?

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Creator
Creator

Hello,

 

I am migrating our HTML5 web application using some backend micro services from MSv2 to MSv3, and now having also this CORS issue.  In MSv2 there was no CORS issue, since all app has the same parent root path:  <tenant>.apps.mindsphere.io.

This would be a major blocker for people who wanted to migrate the webapp and micro services to MS.

Questions:

1. When will the CORS ability be available, which was mentioned a few months ago?

2. Is there any workaround e.g. using  ACCESS-CONTROL-ALLOW-ORIGIN header or  CSP header (I tried this but not successfull), until the CORS feature is really supported ?  Otherwise the migration effort would be much higher to introduce new backend service in every web project containig web static files.

 

Thanks,

Greg

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Legend
Legend
A quick question to the people asking for CORS support: maybe I'm understanding your questions incorrectly, but isn't it so that you can add your required CORS headers on the backend app, and then the frontend app will be able to query the API of the backend? We at least implemented that in a project running in MindSphere a couple of months back and it worked.

As long as the user making the requests can access both apps (the token is valid), and you are forwarding it from the frontend app to the backend app, there shouldn't be any issue. You might also need to tweak the CSP policies in the Developer Cockpit depending on the resources loaded.

:-?

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Creator
Creator

Hello,

Actually, I tried to do the same as you explained, i.e.  set the CORS headers in the backend app and changed the csp header policy. If I directly call the backend app (REST API URL) from the web browser, I got also the expected CORS header and the query returns results, but not if I use the same query from the frontend app. I am not sure,whether this is something to do with the CSP. Could you please elaborate more, what need to be specified in the CSP of both  backend and frontend app?  

Another question: Did you add your backend as an additional component inside the same registered application that also contains the frontend part? In my case, I am using a backend service from another registered application.

Does MindSphere Gateway check/change the CORS response headers returned by the other application or always forward all headers to the frontend user?

 

Best regards,

 

 

 

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Legend
Legend

As far as I know, the gateway does not interfere with the CORS headers, just sits in front for authentication. The CORS headers are decided by your backend app as long as you reach your code (pass the authentication).

 

In our case, for simplicity, we build a static version of the app that is included in the server, so everything stays within the same app. But we also built a proxy app that forwards queries to other internal applications, and also had another project where we had two components on the same app. Both worked, just need to use the internal endpoints (the one you get with "cf apps").

 

 

Regards,

Diego

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Creator
Creator

That's what I also did at the end by using a proxy app (request forwarder), but I think it would be just a workaround in my case, because I have multiple frontends, which use the same backend service. 

IMO, in MSv3 one shall be able to provide a common backend service that can be used by multiple frontend applications without such additonal proxy app in every related application.

 

BR,

Greg

Re: Call backend api hosted on MindSphere from UI app hosted on MindSphare - CORS Issues

Legend
Legend
Just out of curiosity: did you try to use the internal address of your backend app when forwarding the queries? By your description both frontend and backend were actual apps in mindsphere and both were exposed externally. Just wondering if you could just trigger the query to the frontend app running in mdsp and then from there direct it to the backend app but using the internal endpoint. I think the authentication path is different in that case.