Enable CORS?
sdellis opened this issue · comments
Nice work on this! Very simple to get up and running. Have you considered enabling CORS by adding the CORS Filter to the web.xml file? My Mirador instance lives in another app and I would prefer to use the annotation server from another origin.
+1. Same issue while trying to deploy on a web server. Already tried to enable CORS yesterday but did not work in my Tomcat (7.0.59) using the minimal config:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Thanks both a very good point about CORS will look at it now and see if I can get Régis's code working.
I've added the following headers to every request:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
will that work for you both or do you need different headers? With remote Mirador instances how did you connect it to the annotation store? Was it as simple as changing the url in the following:
annotationEndpoint: {
name: 'Simple Annotation Store Endpoint',
module: 'SimpleASEndpoint',
options: {
url: '/api/annotation',
storeId: 'comparison',
APIKey: 'user_auth'
}
}
(You may have noticed I haven't tested with a remote Mirador)
@glenrobson , those headers should be fine. It should be as simple as changing the url option. Is this for both Tomcat and Jetty configurations and is the /api/annotation a publicly accessible interface?
I'm testing it with the Jetty config and I'm getting a "Undefined is not a Function" JS error on this line.
The SimpleAnnotationServer is running fine locally at http://192.168.59.103:8888/index.html (I am using the IP instead of localhost because I have it running locally through a VM). This is what my Mirador annotationEndpoint config looks like:
...
"annotationEndpoint" : {
"name" : "Simple Annotation Store Endpoint",
"module" : "SimpleASEndpoint",
"options" : {
"url": "http://192.168.59.103:8888/api/annotation",
"storeId" : "comparison",
"APIKey" : "user_auth"
}
}
...
Ok, I looked into this a little further and it seems that "http://192.168.59.103:8888/annotation" should work as the url option. Which branch of Mirador are you using? Master? I'm a bit surprised that Mirador would not simply have one endpoint with different request headers as opposed to a different path for creating, listing, updating, and deleting annotations.
Hi Shaun,
Thanks for looking into this, Ill give it a go here and see how far I get. Regarding the branch of Mirador it was from master but I haven't updated since the following commit:
ProjectMirador/mirador@76a757c
regarding different paths for CRUD thats my code rather than mirador. The JavaScript for this is in simpleASEndpoint its a close copy of the Catch endpoint which has the same paths for CRUD operations. I'm planning to change it to accept headers and try and make it cleaner (#5) but as its working I'm not going to change it straight away.
Cheers
Glen
sorry also:
Is this for both Tomcat and Jetty configurations and is the /api/annotation a publicly accessible interface?
The CORS headers should work for both tomcat and jetty and yes the /annotation should be publicly accessible.
Thanks Glen. I think it's fine too with those headers.
I faced an issue after deploying on a production server that provides access to Tomcat apps through Apache mod_jk. I had to set "Access-Control-Allow-Origin" and "Access-Control-Allow-Headers" manually in the vhost configuration because these headers were lost while passing through AJP (but I may have missed something...).
I also had to add "x-annotator-auth-token" to the Access-Control-Allow-Headers.
I tried to deploy the webapp on a server using Sesame as the storage solution, but unfortunately it raised another issue (which is not related to SimpleAnnotationServer at first glance): "Problem connecting to Sesame. Unsupported MIME type: application/ld+json"
If it's relevant for you I could post a separate ticket about that in two weeks (I'm out of the office next week).
I think I've fixed the CORS issue and remote Mirador. I had to add the following CORS headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
I removed the x-annotator-auth-token Régis noticed as the annotation server doesn't support auth (yet) so there was no need to keep it (hangover from my hacking the catch endpoint javascript).
Also embarrassingly I didn't use the url parameter past in the setup of the simple annotation server so I've fixed that now so you should be able to configure it as Shaun detailed earlier. I've added a RemoteStore.md with instructions and an example in remote.html.
Let me know if it works now. Note with fixing the url config you now need to pass in url : 'annotation' if your using a local AnnotationStore.
Cheers
Glen
Problem connecting to Sesame. Unsupported MIME type: application/ld+json"
Do you know what version of Sesame your using? It looks like json-ld was introduced in version 2.7. I've been testing with version 2.8.1.
Hope that helps.
Cheers
Glen
It seems I'm using Sesame 2.7.13. I will check again next week and maybe give a try with an upper version. Anyway I need to upgrade very soon while moving to a new server.
Cheers
Regis
Hooray! I got this working thanks to your recent changes and my new understanding that I needed to include that simpleASEndpoint.js file in my HTML. Thanks for all your work and attention on this, Glen. Should we close this issue and move the Sesame problem to a different issue?