If you haven't already checked it out, I recommend that you read through Anders Laub's "Implementing a WebApi service using ServicesApiController in Sitecore 8" post.
The Problem
Where this and other posts on the web fall short, is that they don't indicate the correct sweet spot to patch into the initialize pipeline that won't cause havoc if you plan to implement Sitecore's Federated Experience Manager (FXM).
[ServicesController("Beacon.Service")]
[RobotDetectionFilter]
[ConfiguredP3PHeader]
[EnableCors("*", "*", "GET,POST", SupportsCredentials = true)]
What this means is that Sitecore sets the "Access-Control-Allow-Origin" header value to the domain of every external site that is configured by FXM.
Placing your processor before the ServicesWebApiInitializer processor will remove these headers and result in FXM not being able to make cross-domain requests.
So for example, looking at Anders' example, a patch like this:
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<pipelines>
<initialize>
<processor patch:after="processor[@type='Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel']"
type="LaubPlusCo.Examples.RegisterHttpRoutes, LaubPlusCo.Examples" />
</initialize>
</pipelines>
</sitecore>
</configuration>
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myexternalsite.com' is therefore not allowed access.
The Quick Fix
Fortunately, all that you need to do to fix this issue is to patch after Sitecore's ServicesWebApiInitializer.So looking at the example again, this would fix the issue and result in FXM playing nice:
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<pipelines>
<initialize>
<processor patch:after="processor[@type='Sitecore.Services.Infrastructure.Sitecore.Pipelines.ServicesWebApiInitializer, Sitecore.Services.Infrastructure.Sitecore']"
type="LaubPlusCo.Examples.RegisterHttpRoutes, LaubPlusCo.Examples" />
</initialize>
</pipelines>
</sitecore>
</configuration>
0 comments:
Post a Comment