Icon View Incident Report

Minor Minor
Reported By: Chris Holland
Reported On: 11/20/2012
For: Version 1.01 Build 2
# 3699 Cross Origin Requests Not Being Handled Properly by the Web Server for DataSets and Static Content

When I use cross site scripting to Load data tables, it works with IE but not with Chrome or Firefox.

The reason is because IE doesn't care and just does it, but Chrome will send an "Access-Control-Allow-Origin" header before passing the actual request. This header is added automatically by Chrome because it has detected cross site scriting.

I modified my web server to return a confirmation to the "Access-Control-Allow-Origin" message to confirm that it was in fact allowed, but EWB sees some kind of response to this "allow" message that is not what it was expecting and throws a data response error.

I am unsure why sending a header response to confirm access control returns data to EWB, but it does appear to and this is what cause the problem.

Comments Comments
The issue is with the EWB Web Server's response to cross-origin dataset requests. The web server now includes an "Enable Cross-Origin Resource Sharing" option in the web server configuration dialog (Content tab) that specifies that the web server will allow and handle cross-origin resource sharing. This feature allows the web server to serve static and dataset content in response to requests from origins (domain name and port number) that are different than that of the static and dataset content. Normally, web browsers don't permit such cross-origin requests unless the web server specifically allows them.

Resolution Resolution
Fixed Problem on 12/16/2012 in version 1.01 build 3

Products Affected Products Affected
Elevate Web Builder
Elevate Web Builder Trial