Bypass CORS when fetching token for SMART on FHIR application

Situation
When trying to fetch a token for my SMART on FHIR application, it is able to authorize but fails to fetch the token due to a CORS error. The exact same request can be made from Postman without issue but fails when run from the SMART application's launch in both standalone mode and embedded mode within OpenEMR. Based on this discussion, "API CORS woes in production", HTTP OPTIONS are not recognized by the APIs, leading to my current issue of being unable to find a way to get my token into my application without setting up a reverse proxy, which would be quite time-consuming considering I am just trying to test the application in a development environment.

Is there any other means/settings I can set to allow requests from my application to the token endpoint using the DOCKER version of OpenEMR?

OpenEMR Version
I’m using OpenEMR version 7.0.1 (Docker Image)

Browser:
I’m using: Google Chrome

Operating System
I’m using: Windows 10

Search
I have searched the discussions for similar issues, and while some outlined the same issues, they did not provide an actual solution to the problem besides the previously mentioned reverse proxy that I am trying to not have to do just for development testing.

Logs
I have checked the logs and not found anything pertaining to this issue other than the successful call from Postman:

172.31.0.1 - EtGQOLIGCcujsqnt2jsHWBLx0-w6i6WqR7isU9M9zdw [12/Feb/2024:19:36:34 +0000] "POST /oauth2/default/token HTTP/1.1" 200 1640 "-" "PostmanRuntime/7.36.1"

And the failed call from my application:

172.31.0.1 - - [12/Feb/2024:19:35:50 +0000] "OPTIONS /oauth2/default/token HTTP/1.1" 400 85 "https://localhost:3000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"

That’s just a question of configuring Apache within the container, which is certainly doable. Are you using a stock container or the live-development flex docker?

Either way, the solution will be the same – connect a shell to the docker, navigate to /etc/apache2 (is it /etc/httpd? I forget), configure Apache to honor OPTIONS, and reload it. (Restarting it will keep the container from actually coming back up if you got the config wrong, and repairing the filesystem of a non-functioning container is annoying.)

I’m confused on why you are having this CORS issue. The post you referred to is old and we added OPTIONS support back in 2022. You can see it in HTTPRestRouteHandler.php#L57-70. As long as you have a valid token you are passing in your header request it should let you in.

Hi everyone,

I’m currently integrating a Flutter application with OpenEMR using the SMART on FHIR launch flow, and I’m running into a CORS issue when trying to fetch patient data.

Here’s my setup and flow:

  1. I have built a Flutter web application that is launched via SMART launch from OpenEMR.

  2. I followed the SMART on FHIR integration steps as per the OpenEMR documentation.

  3. The launch flow works as expected:

    • OpenEMR redirects to my app.

    • The user is prompted to log in.

    • A permission/authorization screen is shown.

    • After granting permission, the app redirects back to my Flutter app with the authorization code.

  4. My Flutter app then exchanges the authorization code for an access token using the token endpoint.

  5. From the token response, I successfully retrieve:

    • Access token

    • Patient ID (context)

Problem:

When I try to fetch patient data using the FHIR endpoint:

GET /fhir/Patient/{patientId}

I receive a CORS error in the browser.

Additional Details:

  • The request includes the Authorization header with the Bearer token.

  • The token request itself works fine (no CORS issue there).

  • The CORS error only occurs when calling the FHIR endpoint (/fhir/Patient/{patientId}).

  • This is happening in a Flutter web environment (running in the browser).

  • The same request works if tested via tools like Postman (no CORS restrictions there).

@Abiral_Pokhrel Can you please share the log as well as what error you're receiving?
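
Added example (not part of the thread and not OpenEMR code): a simplified Python model of the preflight check a browser applies before a cross-origin request, which Postman never performs. It assumes the request is sent without cookies (credentials mode is not "include"); the function names and sample values are constructed for illustration.

```python
# Simplified model of the CORS preflight rules in the Fetch spec (added example).
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language"}
SAFE_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                      "multipart/form-data", "text/plain"}

def unsafe_headers(req_headers):
    """Lowercased request header names that force a preflight."""
    out = []
    for name, value in req_headers.items():
        n = name.lower()
        if n == "content-type":
            if value.split(";")[0].strip().lower() not in SAFE_CONTENT_TYPES:
                out.append(n)
        elif n not in SAFE_HEADERS:
            out.append(n)
    return sorted(out)

def needs_preflight(method, req_headers):
    return method.upper() not in SAFE_METHODS or bool(unsafe_headers(req_headers))

def _tokens(value):
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def preflight_failures(origin, method, req_headers, status, resp_headers):
    """Reasons a browser would block the request; an empty list means allowed."""
    resp = {k.lower(): v for k, v in resp_headers.items()}
    problems = []
    if not 200 <= status <= 299:
        problems.append(f"preflight status {status} is not 2xx")
    if resp.get("access-control-allow-origin") not in (origin, "*"):
        problems.append("Access-Control-Allow-Origin does not match " + origin)
    methods = _tokens(resp.get("access-control-allow-methods"))
    if method.upper() not in SAFE_METHODS and not ({method.lower(), "*"} & methods):
        problems.append(method + " missing from Access-Control-Allow-Methods")
    allowed = _tokens(resp.get("access-control-allow-headers"))
    for h in unsafe_headers(req_headers):
        # "*" never covers Authorization; it must be listed by name.
        if h not in allowed and (h == "authorization" or "*" not in allowed):
            problems.append(h + " missing from Access-Control-Allow-Headers")
    return problems

if __name__ == "__main__":
    # Constructed input: a 400 preflight like the one in the log above,
    # assumed to carry no CORS headers, for a request with a Bearer token.
    for reason in preflight_failures("https://localhost:3000", "GET",
                                     {"Authorization": "Bearer <token>"}, 400, {}):
        print(reason)
```

Feeding it the status and response headers of the `OPTIONS` response shown in the browser's network tab lists which part of the server's answer the browser rejects.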