Webdev Module and AJAX

Has anyone been involved in development of a web interface using AJAX for API calls to the Ignition server? We’re running into CORS issues and I’m trying to understand what needs to be done on the Ignition web app in Jetty (if anything) to set up CORS filters, and then the corresponding requirements on the AJAX side.

Any help is much appreciated!

Clint.

This post will probably help:

Amazing, got it working with that helpful tidbit…unfortunately that one doesn’t show up in a ‘webdev’ search since they call it ‘Web Dev’…

Just an FYI for anyone running into this as well. This worked only when authentication was not required on my Python resource. With authentication forced I did need to make changes to Jetty in the web.xml file to include the OPTIONS method in the allowedMethods, and in the allowedOrigins set a wildcard * as the value. Otherwise in an ajax get or post method, the preflight message with auth fails (as it is sent as an OPTIONS method, and requires that the server allow the originating client in the cross-origin filter.

In the end I ended up creating a custom authentication API using the ignition users and the system.security.validateUser() function. I then generate a unique key for the session and send it to the browser in the response. This way I can control the sessions and time them out when I want to on the server side.

1 Like

ctonge,

Could you please include a little bit more details about the changes you made to the web.xml file? I’m also struggling with the fact that I need authorization on all my calls but I can’t seem to add the authorization headers to my pre-flight requests.

for each of my “controllers” I’ve added an OPTIONS response like this:

servletResponse.setHeader(‘Access-Control-Allow-Origin’, ‘’)
servletResponse.setHeader(‘Access-Control-Allow-Headers’, '
’)
servletResponse.setHeader(‘Access-Control-Allow-Methods’, ‘*’)

It would be great if I could set this in an xml file and not have to copy this into the options request of every “controller”

Hey sorry for the delayed response. I’ve had to go back to my notes on this. You have to add the jetty servlets jar per below:
$ sudo cp jetty-servlets-9.3.8.v20160314.jar /usr/local/bin/ignition/webserver/webapps/main/WEB-INF/lib

Then add the following to the web.xml file:

<filter>
    <filter-name>cross-origin</filter-name>
    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    <init-param>
        <param-name>allowedOrigins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>allowedMethods</param-name>
        <param-value>GET,POST,DELETE,PUT,HEAD</param-value>
    </init-param>
    <init-param>
        <param-name>allowedHeaders</param-name>
        <param-value>origin, content-type, accept</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>cross-origin</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

This worked for me on version 7.9.7, but haven’t tried with any versions since. Hope it works for you.

1 Like

And sorry for my switching of account names! LOL.

I tried to do this to my C:\Program Files\Inductive Automation\Ignition\webserver\webapps\main\WEB-INF\web.xml file and restart the web server but after I do this the Ignition website returns a 503 Service Unavailable error. I downloaded a thread dump using the Ignition Gateway Control Utility but I didn’t see any errors. Once I commented out this section and restarted the web service I was able to get back to the ignition log viewer and I was able to view the logs. I didn’t see any errors related to the web service configuration.

Did you add the .jar file I mentioned?

I figured it out yesterday. I looked at the directory and saw jetty-servlet and thought I already had the file necessary. One additional thing I had to do was to add

<init-param>
    <param-name>chainPreflight</param-name>
    <param-value>false</param-value>
</init-param>

to the filter so that it would work when the endpoint required authentication.

1 Like

Could you please elaborate on what Kevin has suggested as the solution to the CORS issue? What exact code has to be put in the doGET and doPost methods of webdev postjson script? Then I will come to accessing with authentication.

Got it! It was firewall issue, that prevented the access. Its working now. However, I need to try the secure access!

However, I observe that when a remote client on another machine on network goes to hibernation mode , the connection times out and we have to restart the client window! Is there a way out?

Nope. Hibernation cuts off all TCP channels, per the TCP standard (timeout). Don’t let the client hibernate (or sleep) if continuous connection is important.

ok thanks, but Ignition server is amazing, it never fails, after wake-up is reestablishes all its connections.