Delphi的Datasnap ISAPI模块上的CORS问题 [英] CORS issue on a Delphi's Datasnap ISAPI Module

问题描述

我们遇到AngularJS客户端访问的Datasnap REST（Delphi 10.1 Berlin）服务器的问题。我无法激活授权，因为Angular无法在Pragma Header中发送dssession，这似乎是CORS的一个问题，因为浏览器是改变Header的那个（使用--disable-web-security flat启动Chrome的一切运行良好）。

We have a problem with a Datasnap REST (Delphi 10.1 Berlin) Server accessed by AngularJS clients. I can't activate Authorization because Angular can't send the dssession within a Pragma Header, seems to be a problem with CORS, because the browser is the one changing that Header (launching Chrome with the --disable-web-security flat everything runs fine).

甚至在同一台机器上运行Angular和Datasnap进行测试（本地主机角色为Angular：8080，本地主机为8081，Datasnap为Angular），浏览器检测到呼叫为Cross-Origin调用，当Angular尝试发送dssession时，它不会到达Datasnap。注意：我允许使用以下代码进行跨源调用：代码 http：/ /delphi.org/2015/04/cors-on-datasnap-rest-server/

Even running Angular and Datasnap on the same machine for testing (Angular at localhost:8080 and Datasnap at localhost:8081), the browser detects the calls as Cross-Origin calls and when Angular tries to send the dssession it doesn't arrive to Datasnap. Note: I allow cross-origin calls using the following: code http://delphi.org/2015/04/cors-on-datasnap-rest-server/

将服务器作为StandAlone应用程序运行我可以在WebModuleBeforeDispatch事件，TWebRequest获取具有值Pragma而不是预期的Pragma Header的Access-Control-Request-Headers，因此看起来浏览器发出CORS Options请求而Datasnap没有回答它（它引发了一个TDSServiceException，带有命令关闭或未分配消息）。

Running the Server as an StandAlone application I can see in the WebModuleBeforeDispatch event that the TWebRequest gets an Access-Control-Request-Headers with the value "Pragma" instead of the expected Pragma Header, so it looks like the browser is issuing a CORS Options request and Datasnap doesn't answers it (it raises a TDSServiceException with the "command closed or unassigned" message).

我已经为StandAlone应用程序解决了它，通过URL传递了dssession（它不会干扰正常传递参数，因为我只使用来自AngularJS的POST调用），然后拦截WebModuleBeforeDispatch事件上的Request并手动添加带有从调用URL检索到的dssession的Pragma Header。

I have solved it for the StandAlone application, passing the dssession through the URL (it doesn't interfere with the normal pass of parameters because I only use POST calls from AngularJS), and then intercepting the Request on the WebModuleBeforeDispatch event and manually adding a Pragma Header with the dssession retrieved from the calling URL.

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest; 
                                              Response: TWebResponse; var Handled: Boolean);
var Token: string;
begin
  Response.SetCustomHeader('Access-Control-Allow-Origin','*');     // Allow CORS calls

  Token := TIdHTTPAppRequest(Request).Query;         // Set session on Pragma from the URL
  if Copy(Token, 1, 10) = 'dssession=' then begin
    TIdHTTPAppRequest(Request).GetRequestInfo.RawHeaders.AddValue('Pragma', Token);
  end;

  if FServerFunctionInvokerAction <> nil then
    FServerFunctionInvokerAction.Enabled := AllowServerFunctionInvoker;
end;

它在StandAlone应用程序上运行正常，但当我将代码重新编译为ISAPI模块进行部署时在最终的生产环境中，它没有在Requests上添加dssession Pragma Header，可能是因为它没有通过URL传递dssession，但我不能确定原因，因为我无法得到我的Delphi调试ISAPI模块。

It works fine on that StandAlone application, but when I recompile my code as an ISAPI module to deploy it on the final production environment, it doesn't add the dssession Pragma Header on the Requests, probably because it doesn't get the dssession passed through the URL, but I can't be sure of the reason because I can’t get my Delphi to debug that ISAPI Module.

我遵循这个教程： http://edn.embarcadero.com/article/40873 我可以正确设置运行我的ISAPI模块，但当我将w3wp.exe进程附加到我的Delphi调试器时，它不会停止任何断点（它们看起来是禁用的，就像代码是使用Release Build而不是Debug Build编译的那样），事实上，w3wp.exe进程似乎被冻结，并且在我从它分离之前不会参加任何调用Delphi调试器。

I follow this Tutorial: http://edn.embarcadero.com/article/40873 and I can correctly set to run my ISAPI Module, but when I attach the w3wp.exe process to my Delphi debugger it doesn't stop to any break-point (they appear disabled, as like the code was compiled with a Release Build instead of a Debug Build), in fact, the w3wp.exe process seems to be frozen and doesn't attend any call until I detach it from the Delphi debugger.

所以，我将不胜感激任何建议都能够调试该模块，更重要的是，当浏览器将它们检测为跨源调用时，将dssession传递给ISAPI模块。

So, I would appreciate any suggestion to be able to debug that module, and more importantly, to pass the dssession to an ISAPI Module when your browser detects them as Cross-Origin calls.

非常感谢。

推荐答案

我终于找到了一个简洁的解决方案来设置Datasnap来回答CORS请求，因为它应该回答它们。

I have finally found a neat solution to set Datasnap to answer to CORS requests as it's supposed to answer them.

当您的Datasnap在WebModule.Before dispatch事件上收到COR请求时，您只需回答允许发送自定义标头（Pragma），将Handled设置为True非常重要，因此Datasnap赢了尝试将该OPTION请求作为正常请求来管理方法。

When your Datasnap receives a COR request on the WebModule.Before dispatch event, you just have to answer to allow sending the customized header (Pragma), it's important to set Handled to True, so Datasnap won't try to manage that OPTION request as a normal request calling for a method.

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
begin
  Response.SetCustomHeader('Access-Control-Allow-Origin','*');        

  if Trim(Request.GetFieldByName('Access-Control-Request-Headers')) <> '' then 
  begin 
    Response.SetCustomHeader('Access-Control-Allow-Headers', Request.GetFieldByName('Access-Control-Request-Headers'));        
    Handled := True;
  end;

  if FServerFunctionInvokerAction <> nil then
    FServerFunctionInvokerAction.Enabled := AllowServerFunctionInvoker;
end;

这篇关于Delphi的Datasnap ISAPI模块上的CORS问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！