Module Engine

How to pass query string value containing spaces in Module Engine host node?

Issue Description:

In the GET request configuration of Module Designer host configuration setting, passing the query string having the spaces (Ex:  http://localhost/enpoint?querystring=Hi I'm here) may fail to parse at tetherfiwebservicesapi. Application may throw Java URI parsing error.

 

Resolution: 

Encrypting the value with the help of online tool https://meyerweb.com/eric/tools/dencoder/ and passing the string value with encrypted string will help to resolve the issue. Ex: Encrypted value of

Hi I'm here ~  Hi%20I%27m%20here hence the URL will be,

http://localhost/enpoint?querystring=Hi%20I%27m%20here

How to load ModuleEngine Modules in chatbot flow or TPPVA ?

Issue Description:

Chatbot IW Flow disconnection at Module node.

Procedure:

  1. Add created module name in template.config file of TPPVA
  2. Add module name in ModuleEngineUrls.json file of TPPVA
  3. Restart TPPVA

How to add CORS filters for tomcat apps ?

What is CORS ?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

When browser throws CORS error?

CORS is a security mechanism built into modern web browsers. It basically blocks all the HTTP requests from your front end to any API that is not in the same “Origin” (domain, protocol, and port—which is the case most of the time).

 

Resolution :

Inspect the error in the web browser console for which the CORS error has been highlighted. Identify the Access-Control-Request-Headers in the browser network console, add CORS filters in web.xml of the respective tomcat app (Ex: C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\tetherfi-generic-webservice-interface\WEB-INF\web.xml).

Make sure the following tags

  1. "cors.allowed.headers" has all the HTTP access control request and custom headers (ex: Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken).
  2. "cors.allowed.origins" has request origin (ex: https://bank.domain.com:8443).
  3. cors.exposed.headers has exposed headers (ex: Access-Control-Allow-Origin).

Below is the sample web.xml for reference,

<display-name>Tetherfi Generic Web Service Interface Application</display-name>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://nabilbank.tetherfilabs.com:55003</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

 

 

Note that, CORS may still exist if any headers are missing in "cors.allowed.headers" list.

 

Module Enigine API Call CORS error

What is CORS ?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

When browser throws CORS error ?

CORS is a security mechanism built into modern web-browsers . It basically blocks all the http requests from your front end to any API that is not in the same “Origin” (domain, protocol, and port—which is the case most of the time).

 

Resolution :

Adding CORS filters in web.xml of Module Engine tomcat app

 

---------------------XML------------------------------

<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>ALLOWED_ORIGIN_LIST</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value> </init-param> <!-- List of the response headers other than simple response headers that the browser should expose to the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this information through the Access-Control-Expose-Headers header. --> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-Bonita-API-Token</param-value> </init-param> <!-- The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header. The CORS Filter implements this by simply echoing the requested value back to the browser. --> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> </filter> ... <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

------------------------XML-------------------------------

 

Note : you will need to replace the ALLOWED_ORIGIN_LIST by your own allowed origin list.

 

Ref:

https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#CORS_Filter

https://documentation.bonitasoft.com/bonita/2021.1/enable-cors-in-tomcat-bundle