Cross-Origin Resource Sharing (CORS)
CORS defines a way in which a browser and server can interact to determine safely whether or not to allow the cross-origin request. CORS provides for more flexibility than same-origin requests, but is more secure than simply permitting all cross-origin requests.
Oracle Integration supports CORS in the REST Adapter trigger (inbound) direction. You configure CORS support in the Adapter Endpoint Configuration Wizard. See REST Adapter Trigger Resource Configuration Page and REST Adapter Trigger CORS Configuration Page.
-
Blink- and Chromium-based browsers (Chrome 28, Opera 15, Amazon Silk, Android's 4.4+ WebView, and Qt's WebEngine).
-
Gecko 1.9.1 (Firefox 3.5, SeaMonkey 2.0, and Camino 2.1) and above.
-
MSHTML/Trident 6.0 (Internet Explorer 10) has native support. MSHTML/Trident 4.0 & 5.0 (Internet Explorer 8 & 9) provide partial support through the XDomainRequest object.
-
Presto-based browsers (Opera) implement CORS as of Opera 12.00 and Opera Mobile 12, but not Opera Mini.
-
WebKit (Safari 4 and above, Google Chrome 3 and above, possibly earlier).
-
Camino does not implement CORS in the 2.0.x release series because these versions are based on Gecko 1.9.0.
-
As of version 0.10.2, Arora exposes WebKit's CORS-related APIs, but attempted cross-origin requests fail.[16].
For CORS to work, you must send an OPTIONS request. Using
the XMLHttpRequest
object in Javascript for (Ajax
calls) automatically sends the OPTIONS request. If
XMLHttpRequest
is not used, then the
OPTIONS request must be sent explicitly.
XMLHttpRequest
.<html>
<script language="javascript">
var invocation = new XMLHttpRequest();
var url =
"<ics endpoint url>";
// Use postman to generate authCode. Sample is provided below
var authCode = 'Basic <base64encoded authorization string>';
function callOtherDomain(){ if(invocation) {
invocation.open('GET', url, true);
invocation.setRequestHeader('Accept', 'application/json');
invocation.setRequestHeader('X-Cache','aaa');
invocation.setRequestHeader('X-Forwarded-For','fwd1');
invocation.setRequestHeader('Authorization',authCode);
invocation.onreadystatechange = stateChangeEventHandler;
invocation.send();
}
}
function stateChangeEventHandler()
{
// check whether the data is loaded
if (invocation.readyState==4)
{ // check whether the status is ok
if (invocation.status==200) {
//alert(invocation.responseText)
document.getElementById("myTextarea").value = invocation.responseText
document.write("hello");
document.write(invocation.responseText);
}
else
{
alert ("Error Occurred")
}
}
}
</script>
<body onload="callOtherDomain()">
<br><br>
<textarea id="myTextarea" name="mytextarea1"></textarea><br><br>
</body>
</html>
chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security