>  Docs Center  >  Geospatial Services Framework  >  GSF Tutorial: Enabling CORS support in GSF
Geospatial Services Framework

GSF Tutorial: Enabling CORS support in GSF

GSF - Tutorial - Enabling CORS support in GSF

What is CORS?

Cross-Origin Resource Sharing (CORS) is a security feature built into modern web browsers. For security, your web browser prevents scripts from initiating cross-origin http requests. To do this, the web browser checks to make sure all requests only go to the same domain and returns an error if they do not. That means when you connect to myServer.com, any scripts running on that page can only make requests to myServer.com. However, in the new world of microservices and software as a service, that can be very limiting. If you would like to host a webapp on myServer.com, and you want to expose a GSF server at gsf.myServer.com, the browser won't let you hook the webapp to the GSF service. CORS provides a mechanism for GSF to tell the web broswer that it is a service that expects cross-origin requests and to not block them.

GSF needs to return special access control headers in all responses that tell the server that this is intended behavior.

Configuring GSF

There are two steps to enable CORS support in GSF.

The first step is to add the header and pre-flight handling to all requests to GSF. GSF comes with a request handler that will inject the CORS headers into responses from the server as well as listen for the pre-flight requests and respond to them.

To configure the CORS Request Handler, start a command prompt in the GSFxx directory and execute the following commands:

node updateConfig.js --arrayadd requestHandlers={\"type\":\"gsf-cors-request-handler\"} --addbefore [type:ese-request-handler]

The updateConfig.js script will automatically back up the original config.json file for you.

You may also edit the config.json file manually as shown below. It is highly recommended that you save a backup copy of the config.json file before making any changes.

Example config.json excerpt with modifications:

{
  "requestHandlers": [
    {
      "type": "gsf-cors-request-handler"
    },
    ...
  ]
}

By default it will allow ALL webapps to use GSF as a service. If your GSF instance is intended to just serve a specific web app, you should add the webapp's domain as an "origin" (the hostname should be lowercase).

To set these additional values (after having set the workspace manager type above) using a command line, enter the following commands from within the GSFxx directory:

node updateConfig.js --set requestHandlers[type:gsf-cors-request-handler].origin=[\"http://myserver.com\"]

The updateConfig.js script will automatically back up the original config.json file for you.

You may also manually add the origin by editing the config.json as shown below:

{
  "requestHandlers": [
    {
      "type": "gsf-cors-request-handler",
      "origin": ["http://myserver.com"]
    },
    ...
  ]
}

At this point, clients will be able to use most request handlers that are enabled in GSF.

The second step is to configure the gsf-events-request-handler for CORS. The event source module performs an additional check on the server to ensure that only supported origins are connected.

node updateConfig.js --set requestHandlers[type:gsf-events-request-handler].cors.origins=[\"http://myserver.com\"]

The updateConfig.js script will automatically back up the original config.json file for you.

Or manually edit the GSF configuration file to allow the same domains as above (use "*" if you didn't add an origin above):

{
  "type": "gsf-events-request-handler",
  "cors": {
    "origins": ["http://myserver.com"]
  }
},

Restart the server for the configuration changes to take effect.

Testing CORS support

First configure GSF to allow "http://localhost:9292" as an origin by following the above instructions.

To test the setup, we will create a simple webapp hosted on a nodejs http server that uses the javascript SDK to make a request to GSF.

First create the http server, create a file called server.js:

var http= require('http');
var fs = require('fs');
http.createServer(function(req, res) {
  fs.createReadStream('index.html').pipe(res);
}).listen(9292);

Then create an index.html file next to it:

<script src="https://cdn.rawgit.com/geospatial-services-framework/gsf-js-client-sdk/master/dist/GSF.min.js"></script>
<script>
const server = GSF.server({address:'localhost',port:9191});
server.job(1).info().then((job) => {
  document.body.innerHTML = "Success: <pre>" + JSON.stringify(job, null, 2) + "</pre>";
}).catch((err) => {
  document.body.innerHTML = "Error:" + err;
});
</script>

Then start the server:

node server.js

Open the test page in a new browser tab: opens in a new tab

If everything is working, you should see:

Success:
{
  "jobId": 1,
  "jobStatus": "Succeeded",
  "jobStatusURL": "ese/jobs/1/status",
  (etc.)
}



© 2019 Harris Geospatial Solutions, Inc. |  Legal
My Account    |    Store    |    Contact Us