Hello everybody,
i am currently trying to send a http post-request to an REST API via the generic javascript view node. Below is a example code snippet from the node:
var xhttp = new XMLHttpRequest();
var jsonBody=JSON.stringify({itemID: ‘123456789’});
var url=‘https://REQUESTURL’
xhttp.open(“POST”,url,true);
xhttp.withCredentials=true;
xhttp.setRequestHeader(“Content-type”, “application/json”);
xhttp.setRequestHeader(“Authorization”, "Basic " + btoa(“USERNAME:PASSWORD”));
xhttp.setRequestHeader(“Accept”, “application/json”);
xhttp.send(jsonBody);
After executing my worklflow in the KNIME Webportal i get following console Log:
“Refused to connect to REQUESTURL because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback.”
Furthermore I get StatusCode 0, Readystate 1 and an empty responseText back from my request. Maybe somebody already had a similar case and an idea to solve this problem. Since I am still a bit new to KNIME, I am grateful for any kind of tips and tricks.
Best Regards
maaartyN
Hi,
this is because KNIME Server does not allow WebPortal workflows to access external sites by default for security reasons. This can be changed in the server configuration (knime-server.xml) by setting com.knime.server.csp-report-only=true.
Kind regards,
Alexander
2 Likes
Hi Alexander,
thanks for your help. Tried this, but it did not quite work. I get the following error message:
" [Report Only] Refused to connect to ‘https://REQUESTURL’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback"
“POST http://MYURL/csp-report 404”
“Access to XMLHttpRequest at ‘https://REQUESTURL’ from origin ‘http://MYURL’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
“POST https://REQUESTURL net::ERR_FAILED”
I have read that another option would be to add an Access-Control-Allow-Origin header to the response from the KNIME Server (Source: CORS header issues when using KNIME REST API). How does that work exactly? Do I simply have to specify my URL in the web.xml from my server under the parameter cors.allowed.origins and then it should work or do i have to perfom any further actions?
Best Regards
Marty
Hi Marty,
In this case the problem is with the MYURL server. This is not the KNIME Server, correct? It does not allow requests from any other URL. This is something that would have to be changed on that server so that it allows a request coming from a browser where the page was loaded from a different URL. If you can put the request into a POST Request node instead of doing it from the Generic JS View, it should work, as the request would not come from a browser.
Kind regards,
Alexander
Hi Alexander,
sorry for any confusion, but MYURL is the address of my knime server and REQUESTURL the url from the Rest API. I know that you can also create a post-request using the provided nodes for this purpose, but i would like to implement it in javascript node for my use case. Therefore i would like to ask if i have to change any other settings in the Config of my KNIME server.
Best Regards
Marty
Hi Marty,
Ah, I see. In that case yes, you have to edit the web.xml as described in the other post. Let me know how it goes!
Kind regards,
Alexander