I am struggeling with my first "real" WebServer-Project at a certain point. Up to now I always used Nodejs-servers. But as I want to involve my own MySQL-Database I decided to use a plain JAVA-backend this time.
The backend runs with a JAVA EE (JAVA 17) Project on Glassfish 7.0.12 on a virtual Ubuntu Server hosted by a provider on the internet. The backend is hidden behind a NGINX-Server that is used as a https proxy. I do this with all my servers and this is the fourth now running on the same Linux server.
The frontend is built with Angular 16.x and provides currently only a landing page and 2 buttons which are supposed to simply call 2 backend services, the way I would do it in a browser's address field or with Postman.
I managed to deploy the app on the glassfish server and I can call the landing page via https. No problems so far.
I can effortlessly call the 2 implemented backend services when calling them via Postman or simply the browser's adress field. All works as expected.
But as soon as I klick one of the buttons the UI flickers for a blink of an eye and then reloads the entire landing page. Looking at the browser console showed me, that there occurs a NS_BINDING_ABORTED error.
So I investigated a little more using the console and found out that, differing from my other projects, the field "Referer" in the http header looks like this
https://my-domain/my-context-root/?
Where does this question mark at the end come from? I guess that this might be the key to the solution. Because neither of my other landing pages come up with this appendix.
If I understand CORS right, then this referrer is used to apply the same-origin rule. And as there is one unnecessary character the comparison fails.
Does anybody know where this question mark comes from and how I can remove it?
This is my browser console after the error
This is what my index.html looks like
Here comes the CORS-related backend code. I only added this filter when I tried to fix the issue but it did not help at all, as it seems that the call does not even leave my browser.
package org.my-app_server.base;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.ext.Provider;
@Provider
public class CorsResourceFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept");
}
}
And here is where I call this at the server's start
package org.my-app_server.base;
import jakarta.ws.rs.ApplicationPath;
import jakarta.ws.rs.core.Application;
import java.util.HashSet;
import java.util.Set;
@ApplicationPath("/api")
public class RRSSApplication extends Application {
@Override
public Set<Class<?>> getClasses() {
final Set<Class<?>> resources = new HashSet<>();
resources.add(CorsResourceFilter.class);
return resources;
}
}
I found the solution. It had nothing to do with Glassfish at all.
I had my buttons inside a
tag.
And Angular tried to transmit the form directly after pressing one of the buttons. This lead to an immediate reload of the entire app and thus the request was dropped before getting processed properly...