Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderator: amosbatto

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
#789280
I have followed the tutorial from the PM docs (http://wiki.processmaker.com/3.1/OAuth_2.0) and have not success accessing the access token.
Currently I am using the trial version of PM and I would like to access the APIs via jQuery, the browser returns the following error: "XMLHttpRequest cannot load 'myPMServerAddress' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.".

I registered my apps server (http://localhost:8100) within the Website box of the (User Applications -> +New) form and my code looks as followed:
Any suggestions as I am not experienced with CORS and have no idea how to tell PM APIs to include it....
BTW, I always end in the .fail()
Code: Select all
  
  var restServer = 'https://trial.processmaker.com/';
  var workspace = 'myWorkspace/';
  var jqxhr = $.ajax({
        type: "POST",
        url:  restServer + workspace + 'oauth2/token',      
            data: {
            grant_type   : 'password',
            scope        : '*',
            client_id    : 'myClientId',
            client_secret: 'myClientSecret',
            username     : 'admin',
            password     : 'myPassword'
        }
    })
        .done( function(data) {
            if (data.error) {
                alert("Error in login!\nError: " + data.error + "\nDescription: " + data.error_description);
            }
            else if (data.access_token) {                
               alert("data access token received!");              
                var d = new Date();
                d.setTime(d.getTime() + 60*60*1000);
                document.cookie = "access_token="  + data.access_token  + "; expires=" + d.toUTCString();
                document.cookie = "refresh_token=" + data.refresh_token; //refresh token doesn't expire
            }
            else {
                alert(JSON.stringify(data, null, 4)); 
            }
        })
        .fail(function(data, statusText, xhr) {
            alert("Failed to connect.\nHTTP status code: " + xhr.status + ' ' + statusText);
        });    
}); 
#789287
This is caused by CORS.
To learn more, see:
http://stackoverflow.com/questions/5750 ... st-working
http://stackoverflow.com/questions/1063 ... eader-work

Turn on the debugger in your web browser and check whether ProcessMaker is returning a response header which contains:
Code: Select all
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin.png
Access-Control-Allow-Origin.png (35.14 KiB) Viewed 1911 times
If you just want to test the REST API, then do your calls in a ProcessMaker trigger or in the JavaScript in a DynaForm that calls the same server.

You can get around this problem in many ways, but you need to have your own installation of PM. The easiest solution is to simply place your code file directly in the workflow/public_html directory. (Don't place the code in a subdirectory in public_html because ProcessMaker will block it). Another solution is to use PHP rather than JavaScript to do your REST calls.

The best solution is to configure Apache to always approve CORS.
Change the configuration of the pmos.conf file which defines the virtualhost used by ProcessMaker in Apache from something like:
Code: Select all
<VirtualHost localhost>
    ServerName "localhost"

    DocumentRoot /opt/processmaker/workflow/public_html
    DirectoryIndex index.html index.php

    <Directory /opt/processmaker/workflow/public_html>
        Options Indexes FollowSymLinks MultiViews
        AddDefaultCharset UTF-8
        AllowOverride None
        Require all granted
        ExpiresActive On

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*/(.*)$ app.php [QSA,L,NC]
        </IfModule>
        AddOutputFilterByType DEFLATE text/html
    </Directory>
</VirtualHost>
To something like this:
Code: Select all
<VirtualHost localhost>
    ServerName "localhost"

    DocumentRoot /opt/processmaker/workflow/public_html
    DirectoryIndex index.html index.php

    <Directory /opt/processmaker/workflow/public_html>
        Options Indexes FollowSymLinks MultiViews
        AddDefaultCharset UTF-8
        AllowOverride None
        Require all granted
        ExpiresActive On

        # Always set these headers.
        Header set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*/(.*)$ app.php [QSA,L,NC]

            # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
            RewriteCond %{REQUEST_METHOD} OPTIONS
            RewriteRule ^(.*)$ $1 [R=200,L]
        </IfModule>
        AddOutputFilterByType DEFLATE text/html
    </Directory>
</VirtualHost>
#789655
Although the staff at PM said it was a security issue on their trial version servers, I discovered it was an error in the workspace url reference. trial.processmaker.com/sysmyWorkspace/oauth2/token was the address I was trying to reach, but I should have removed the 'sys' from the work space and used trial.processmaker.com/myWorkspace/oauth2/token
#789664
Out of curiosity who did you talk to who told you that it was a security issue? I think all current versions of PM now send "Access-Control-Allow-Origin: *" in their headers, so CORS is no longer a problem. It was a problem with some older versions of PM. I'm not sure in what version they added that header.
#813929
Need to say, it's kind of impressive how short time you guys need in order to sort out things like that. I've bumped into this thread accidentally, while searching for some jQuery examples to have some practice on, and that instruction looks like turkish to me. Frankly, I'm new to Java, like new-new (just 2 months have passed), so the very things I have solid confidence about so far is theory and some simple programs calculator alike. I made it clear with these java tutorials https://explainjava.com/ because these are the only ones I found understandable for complete newbies, and I had zero coding background before, HTML doesn't count for sure. Anyway, I found this thing of yours quite inspiring for me to start some practice on, so thank you for that
#826022
amosbatto wrote: Tue Feb 21, 2017 10:34 pm This is caused by CORS.
To learn more, see:
http://stackoverflow.com/questions/5750 ... st-working
http://stackoverflow.com/questions/1063 ... eader-work

Turn on the debugger in your web browser and check whether ProcessMaker is returning a response header which contains:
Code: Select all
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin.png

If you just want to test the REST API, then do your calls in a ProcessMaker trigger or in the JavaScript in a DynaForm that calls the same server.

You can get around this problem in many ways, but you need to have your own installation of PM. The easiest solution is to simply place your code file directly in the workflow/public_html directory. (Don't place the code in a subdirectory in public_html because ProcessMaker will block it). Another solution is to use PHP rather than JavaScript to do your REST calls.

The best solution is to configure Apache to always approve CORS.
Change the configuration of the pmos.conf file which defines the virtualhost used by ProcessMaker in Apache from something like:
Code: Select all
<VirtualHost localhost>
    ServerName "localhost"

    DocumentRoot /opt/processmaker/workflow/public_html
    DirectoryIndex index.html index.php

    <Directory /opt/processmaker/workflow/public_html>
        Options Indexes FollowSymLinks MultiViews
        AddDefaultCharset UTF-8
        AllowOverride None
        Require all granted
        ExpiresActive On

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*/(.*)$ app.php [QSA,L,NC]
        </IfModule>
        AddOutputFilterByType DEFLATE text/html
    </Directory>
</VirtualHost>
To something like this:
Code: Select all
<VirtualHost localhost>
    ServerName "localhost"

    DocumentRoot /opt/processmaker/workflow/public_html
    DirectoryIndex index.html index.php

    <Directory /opt/processmaker/workflow/public_html>
        Options Indexes FollowSymLinks MultiViews
        AddDefaultCharset UTF-8
        AllowOverride None
        Require all granted
        ExpiresActive On

        # Always set these headers.
        Header set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*/(.*)$ app.php [QSA,L,NC]

            # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
            RewriteCond %{REQUEST_METHOD} OPTIONS
            RewriteRule ^(.*)$ $1 [R=200,L]
        </IfModule>
        AddOutputFilterByType DEFLATE text/html
    </Directory>
</VirtualHost>
i have a big problem about this, i tried this and in casespage.php, but still didn't work,
#826057
fiqihpunya wrote: Sun Aug 18, 2019 8:32 pm
amosbatto wrote: Fri Aug 16, 2019 9:12 pm fiqihpunya, What version of PM are you using? Are you calling the PM REST API from inside a PM trigger, plugin or with JavaScript inside a Dynaform? or are you calling it from outside PM?
i'm using PM 3.1 and i calling API in javascirpt inside dynaform,
If you are using version 3.1 then you will either have to upgrade or change your Apache configuration as I explained in the previous post. If upgrading, I don't recommend upgrading past version 3.2.1. See:
https://www.pmusers.com/index.php/Bugs_ ... _upgrading
Task doesnt have any users.

I have created a small process. Users are assigned[…]

NEW MOBILE APP ISSUE

Just trying to setup to use the mobile App with my[…]

It's really a great idea. I have followed the seco[…]

yes i use php thanks for the information