The 3rd alternative is to use this method of setting up Apache and using
it's reverse proxy feature. This is the most complicated and requires
the most system resources of the possible options, but seems to be the
road you were heading down. I don't think I'd go that way, myself

I suggested this solution because Booth already had his web-service running under a different host than where he was serving his web pages (as for why that might be I don't know).

I disagree that setting up a reverse proxy this is more complicated than setting up CORS, which is a nasty hack IMO. To the best of my knowledge, best practices dictate not exposing an application server directly to the outside world and always to front them with a proxy or some kind, for security and availability reasons. I accept this maybe unnecessary for a simple in-house web app like the Booth's but I think it is the correct solution and I don't see any particular disadvantage of doing it this way.

Tim.

________________________________
From: WEB400 <web400-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Scott Klement <web400@xxxxxxxxxxxxxxxx>
Sent: 09 April 2019 04:21
To: web400@xxxxxxxxxxxxxxxxxx
Subject: Re: [WEB400] CORS header 'Access-Control-Allow-Origin'

Hi Booth,

Below are your questions with my thoughts:


Can I put the web page on the same server as provides the web
services? I have no idea, i don't even want to
know.

Err, you asked the question, but you don't want to know? I assume you
do want to know.

First of all, the answer is yes.

First option: When you create a server with IWS, it generates an Apache
server that acts as a front-end for the application server. For
example, if you told IWS to generate a server named 'BOOTHIWS', you
should have an IFS directory /www/BOOTHIWS/htdocs and inside that you
can put html, javascript,. css,. images, etc. etc. The only caveat is
that IWS expects any URL whose path begins with /web/ to point to the
integrated application server. http://yourserver:xxx/my.html will work
fine but you can't use http://yourserver:xxx/web/my.html because the IWS
tooling expects to handle anything beneath /web/. Also, there's a
normal Apache instance there, you can go into it and add any other
aliases, scriptaliases, etc that you want. If you do want to bypass
CORS using the ACOA header you can add it into this Apache config, using
Nadir's example as a template.

The 2nd alternative (which you won't like, so why I am saying it?!) is
that you could use Apache for your web services instead of IWS. Since
IWS isn't there to handle the JSON code, you use something like YAJL or
SQL instead. This way, there is only one server. This is how I do it.

The 3rd alternative is to use this method of setting up Apache and using
it's reverse proxy feature. This is the most complicated and requires
the most system resources of the possible options, but seems to be the
road you were heading down. I don't think I'd go that way, myself.


I can consume that data off my PC's browser with no problem but from a
server at the same root url? Things go all wobbly, which
I suspect is a reflection upon my ignorance of the processes involved.

Yes, if you're using a server with the same root, there's no CORS
issue. (That's what you're asking, right?)



--
Scott Klement
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.scottklement.com&amp;data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&amp;sdata=ogL9YlTS6s5xv6aa2ZRtswghTTulRDAkDxdug0enuJk%3D&amp;reserved=0

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.midrange.com%2Fmailman%2Flistinfo%2Fweb400&amp;data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&amp;sdata=c1IhQCSeb0q9ddTTRn4dtnRneNqQYpffIwtxcMEOp6w%3D&amp;reserved=0
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchive.midrange.com%2Fweb400&amp;data=02%7C01%7C%7Cc61ea88a66f64907e4fa08d6bc9222de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636903733165949390&amp;sdata=DmGXeGmn2J%2BpMkgtvnY7hc2%2Bfq%2FWfPZI5AOxVrFkeG8%3D&amp;reserved=0.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.