The 3rd alternative is to use this method of setting up Apache and using
it's reverse proxy feature. This is the most complicated and requires
the most system resources of the possible options, but seems to be the
road you were heading down. I don't think I'd go that way, myself
I suggested this solution because Booth already had his web-service running under a different host than where he was serving his web pages (as for why that might be I don't know).
I disagree that setting up a reverse proxy this is more complicated than setting up CORS, which is a nasty hack IMO. To the best of my knowledge, best practices dictate not exposing an application server directly to the outside world and always to front them with a proxy or some kind, for security and availability reasons. I accept this maybe unnecessary for a simple in-house web app like the Booth's but I think it is the correct solution and I don't see any particular disadvantage of doing it this way.
Tim.
________________________________
From: WEB400 <web400-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Scott Klement <web400@xxxxxxxxxxxxxxxx>
Sent: 09 April 2019 04:21
To: web400@xxxxxxxxxxxxxxxxxx
Subject: Re: [WEB400] CORS header 'Access-Control-Allow-Origin'
Hi Booth,
Below are your questions with my thoughts:
Can I put the web page on the same server as provides the web
services? I have no idea, i don't even want to
know.
Err, you asked the question, but you don't want to know? I assume you
do want to know.
First of all, the answer is yes.
First option: When you create a server with IWS, it generates an Apache
server that acts as a front-end for the application server. For
example, if you told IWS to generate a server named 'BOOTHIWS', you
should have an IFS directory /www/BOOTHIWS/htdocs and inside that you
can put html, javascript,. css,. images, etc. etc. The only caveat is
that IWS expects any URL whose path begins with /web/ to point to the
integrated application server.
http://yourserver:xxx/my.html will work
fine but you can't use
http://yourserver:xxx/web/my.html because the IWS
tooling expects to handle anything beneath /web/. Also, there's a
normal Apache instance there, you can go into it and add any other
aliases, scriptaliases, etc that you want. If you do want to bypass
CORS using the ACOA header you can add it into this Apache config, using
Nadir's example as a template.
The 2nd alternative (which you won't like, so why I am saying it?!) is
that you could use Apache for your web services instead of IWS. Since
IWS isn't there to handle the JSON code, you use something like YAJL or
SQL instead. This way, there is only one server. This is how I do it.
The 3rd alternative is to use this method of setting up Apache and using
it's reverse proxy feature. This is the most complicated and requires
the most system resources of the possible options, but seems to be the
road you were heading down. I don't think I'd go that way, myself.
I can consume that data off my PC's browser with no problem but from a
server at the same root url? Things go all wobbly, which
I suspect is a reflection upon my ignorance of the processes involved.
Yes, if you're using a server with the same root, there's no CORS
issue. (That's what you're asking, right?)
--
Scott Klement
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.scottklement.com&data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&sdata=ogL9YlTS6s5xv6aa2ZRtswghTTulRDAkDxdug0enuJk%3D&reserved=0
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.midrange.com%2Fmailman%2Flistinfo%2Fweb400&data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&sdata=c1IhQCSeb0q9ddTTRn4dtnRneNqQYpffIwtxcMEOp6w%3D&reserved=0
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchive.midrange.com%2Fweb400&data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&sdata=DmGXeGmn2J%2BpMkgtvnY7hc2%2Bfq%2FWfPZI5AOxVrFkeG8%3D&reserved=0.
midrange.com
