CORS Issue - Cannot access resources of Clarity from Rally


Article ID: 399288


Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

A custom HTML page with JavaScript is deployed in Rally. It tries to pull data from Clarity and display it in Rally, but the request fails. The following error message appears in the browser's Developer Tools > Console tab:

Access to fetch at 'https://clarity_server/ppm/rest/v1/projects' from origin 'https://eu1.rallydev.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Note that the requirement is not to display a Rally page in Clarity via a Channel. It is to call Clarity's REST APIs from Rally to fetch data.

Resolution

Clarity must first be instructed to allow outgoing traffic to Rally. The command for this is:

admin system-options -add CONTENT_SECURITY_DOMAINS eu1.rallydev.com -multi

Clarity must then be instructed to share its resources with Rally when the request originates from Rally. The command for this is:

admin system-options -add CORS_ALLOW_ORIGIN 'https://eu1.rallydev.com' -multi

If an API Key is used when requesting a resource from Rally, Clarity requires a header called 'x-api-ppm-client' to be passed before it will process the request. Run the following command to include this header in the CORS supported headers:

admin system-options -add CORS_SUPPORTED_HEADERS 'x-api-ppm-client' -multi

Note that if Basic Authentication is used, then the need to include the above header does not arise.
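
To confirm the settings took effect, the preflight (OPTIONS) response can be checked against the same rules the browser applies. The following JavaScript is an added example, not part of the original article or the vendor's code; `checkPreflight` and the sample header values are hypothetical, and it assumes a request sent without cookies.

```javascript
// Added example: applies the browser's preflight rules to a set of response headers.
// All header values used here are constructed samples, not captured Clarity responses.

// Headers that never need approval. Content-Type is left out on purpose: it is
// safelisted only for form/text values, so JSON requests still need it approved.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language']);

// Lower-case header names so lookups are case-insensitive, as in HTTP.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Returns a list of problems; an empty list means the preflight would pass.
function checkPreflight(req, responseHeaders) {
  const h = normalize(responseHeaders);
  const problems = [];

  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('No Access-Control-Allow-Origin header: check CORS_ALLOW_ORIGIN');
  } else if (allowOrigin !== '*' && allowOrigin !== req.origin) {
    // The comparison is exact: scheme, host and port must all match.
    problems.push(`Origin mismatch: got "${allowOrigin}", need "${req.origin}"`);
  }

  const allowed = new Set((h['access-control-allow-headers'] || '')
    .split(',').map(s => s.trim().toLowerCase()).filter(Boolean));
  for (const name of req.headers.map(n => n.toLowerCase())) {
    if (SAFELISTED.has(name)) continue;
    // A "*" wildcard never covers Authorization; it must be listed by name.
    const ok = allowed.has(name) || (allowed.has('*') && name !== 'authorization');
    if (!ok) problems.push(`Header "${name}" not allowed: check CORS_SUPPORTED_HEADERS`);
  }
  return problems;
}

// Constructed sample: an API-key request from Rally where the custom header
// has not yet been added to the supported headers.
const sampleRequest = { origin: 'https://eu1.rallydev.com',
                        headers: ['Authorization', 'x-api-ppm-client'] };
console.log(checkPreflight(sampleRequest, {
  'Access-Control-Allow-Origin': 'https://eu1.rallydev.com',
  'Access-Control-Allow-Headers': 'authorization, content-type',
}));
```

The real response headers to feed into it can be copied from the OPTIONS request shown in the browser's Network tab.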


Additional Information

The following queries can be used to verify that the admin commands above inserted their entries. They are listed in the same order as the admin commands.

select cov.value, cov.id, co.*
from cmn_options co
join cmn_option_values cov on cov.option_id = co.id
where upper(co.option_code) like 'CONTENT_SECURITY_DOMAINS'
order by cov.value
;

select cov.value, cov.id, co.*
from cmn_options co
join cmn_option_values cov on cov.option_id = co.id
where upper(co.option_code) like 'CORS_ALLOW_ORIGIN'
order by cov.value
;

select cov.value, cov.id, co.*
from cmn_options co
join cmn_option_values cov on cov.option_id = co.id
where upper(co.option_code) like 'CORS_SUPPORTED_HEADERS'
AND cov.value = 'x-api-ppm-client'
order by cov.value
;