Situation
I have a proof of concept I’m working on and I plan on using openemrs API to load some data into my app but I still can’t get away from the dreaded CORS issues.
Here’s what I’ve tried so far:
I’ve tried editing httpd.conf
adding
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
I tried just adding just these lines:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
I’ve tried the same editing openemer.conf
and no success I can post/get fine with postman but it just refuses to work with a fetch request via javascript, anyone have any ideas how to fix this?
OpenEMR Version
I’m using OpenEMR version from the AWS marketplace which is: Version Number: v5.0.2 (3)
Browser:
I’m using: Chrome, Firefox
Operating System
I’m using: Windows
Logs
What makes this more bizarre is that I can login via my app using the API but any other calls afterward return the CORS issue, here are the last few lines of my access.log
where you can see me login in and getting the facility list via postman that works fine.
162.158.123.250 - - [14/Nov/2020:18:15:04 +0000] "POST /apis/api/auth HTTP/1.1" 200 385 "-" "PostmanRuntime/7.26.5"
162.158.123.250 - - [14/Nov/2020:18:15:04 +0000] "POST /apis/api/auth HTTP/1.1" 200 385 "-" "PostmanRuntime/7.26.5"
162.158.123.250 - - [14/Nov/2020:18:15:16 +0000] "GET /apis/api/facility HTTP/1.1" 200 576 "-" "PostmanRuntime/7.26.5"
162.158.123.250 - - [14/Nov/2020:18:15:16 +0000] "GET /apis/api/facility HTTP/1.1" 200 576 "-" "PostmanRuntime/7.26.5"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "POST /library/ajax/execute_background_services.php HTTP/1.1" 200 - "https://openemr.er365pr.com/interface/main/tabs/main.php?token_main=qCtSmrIIWHXyMzhhCwvUddvijbbOSnAdyHp8xZFO" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "POST /library/ajax/execute_background_services.php HTTP/1.1" 200 - "https://openemr.er365pr.com/interface/main/tabs/main.php?token_main=qCtSmrIIWHXyMzhhCwvUddvijbbOSnAdyHp8xZFO" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "GET /interface/main/tabs/timeout_iframe.php HTTP/1.1" 200 195 "https://openemr.er365pr.com/interface/main/tabs/timeout_iframe.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "GET /interface/main/tabs/timeout_iframe.php HTTP/1.1" 200 195 "https://openemr.er365pr.com/interface/main/tabs/timeout_iframe.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "POST /library/ajax/dated_reminders_counter.php HTTP/1.1" 200 - "https://openemr.er365pr.com/interface/main/tabs/main.php?token_main=qCtSmrIIWHXyMzhhCwvUddvijbbOSnAdyHp8xZFO" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:17 +0000] "POST /library/ajax/dated_reminders_counter.php HTTP/1.1" 200 - "https://openemr.er365pr.com/interface/main/tabs/main.php?token_main=qCtSmrIIWHXyMzhhCwvUddvijbbOSnAdyHp8xZFO" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:20 +0000] "POST /interface/main/dated_reminders/dated_reminders.php HTTP/1.1" 200 98 "https://openemr.er365pr.com/interface/main/messages/messages.php?form_active=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
162.158.123.16 - - [14/Nov/2020:18:15:20 +0000] "POST /interface/main/dated_reminders/dated_reminders.php HTTP/1.1" 200 98 "https://openemr.er365pr.com/interface/main/messages/messages.php?form_active=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
108.162.212.200 - - [14/Nov/2020:18:15:30 +0000] "POST /apis/api/auth HTTP/1.1" 200 389 "https://er365pr.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
108.162.212.200 - - [14/Nov/2020:18:15:30 +0000] "POST /apis/api/auth HTTP/1.1" 200 389 "https://er365pr.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
108.162.212.200 - - [14/Nov/2020:18:15:33 +0000] "OPTIONS /apis/api/patient HTTP/1.1" 401 - "https://er365pr.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
108.162.212.200 - - [14/Nov/2020:18:15:33 +0000] "OPTIONS /apis/api/patient HTTP/1.1" 401 - "https://er365pr.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
I am actually able to login using the API but once I try to get patients or facilities or any other API request it just refuses to work.
Any ideas, insight, or suggestions are greatly appreciated, thanks.