we are using ColdBox for our backend application and we are experiencing weird problems with CORS. We have a preProcess function that servers as interceptor for ajax calls and it is like this:
function preProcess( event, data, buffer, rc, prc ){
event.setHTTPHeader( name="Access-Control-Allow-Origin", value="http://localhost:3000" );
event.setHTTPHeader( name="Access-Control-Request-Headers", value="" );
event.setHTTPHeader( name="Access-Control-Request-Methods", value="GET,HEAD,POST" );
event.setHTTPHeader(name="Allow-Control-Allow-Credentials", value="true");
event.setHTTPHeader( name="Access-Control-Allow-Headers", value="*");
var uuid = CreateUUID();
var util = new com.smartvillage.api.util.ResponseUtil();
var validator = new com.smartvillage.core.util.JsonValidator.JsonValidator();
var model = server[ "wireBox-smartvillage" ];
event.setValue( "model", model );
event.setValue( "util", util );
event.setValue( "validator", validator );
event.setValue( "uuid", uuid );
var authSvc = model.getInstance( "AuthService" );
var ctx = arguments.event.getContext();
util.writeData( "#arguments.event.getContext().event#-#uuid#", SerializeJSON( data ) );
var ht = GetHTTPRequestData();
var data = {
"url" = url,
"form" = form,
"date" = now(),
"content" = ht.content,
"headers" = ht.headers,
"method" = ht.method
}
if (ctx.event NEQ "auth.login" ) {
var accessToken = event.getHTTPHeader("Authorization");
cffile(action="append", file=expandPath('/debug.log'), output="#now()#- #accessToken# -");
if (len(accessToken)) {
if ( !authSvc.isAuth( trim(accessToken.replace('Bearer', '')) ) ) {
event.renderData(data="Not Authorized",statusCode="401",statusText="Unauthorized")
.noExecution();
}
} else {
echo('Token not found');
abort;
}
};
};
As you can see, we set allow origin headers for our localhost (where the client is running) but what happens is that, whereas some ajax calls succeed, others fail for Cors problems. The below pic shows our network.
As you can see, the same call fails or succeeds randomly. And the error it gives us is this: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
Why does this happen?
EDIT:
I can see it happens when there are consecutive ajax calls.
try to add remote to your function. Something like this
remote any function example() {}
I had a bit like issue a while ago.....so maybe it will help.