Configure a LabVIEW Web Service CORS for Credentialed Access

Configure CORS to allow specific origins you define, well-known origins, and origins with credentials access to your WebVI resources.

Note The following content only applies to LabVIEW Web Services deployed to the LabVIEW Application Web Server. NI recommends deploying LabVIEW Web Services to the NI Web Server instead.

What to Use

You can find the Web Services API on the Connectivity palette in LabVIEW.
  • LabVIEW Web Service Request
  • Read Request Variable
  • Set HTTP Header

What to Do

Create the following diagram in a Web Resources VI to configure a LabVIEW Web Service to allow CORS with specific or well-known origins and origins with credentials.

Customize the gray sections for your unique programming goals.


1378

1378 A new Web Resources VI automatically adds the LabVIEW Web Service Request class to the block diagram and terminal pane.
1378

Read Request Variable checks the request for the variable you define.

To check the origin of the request, enter Origin for the value of variable.

Use a Case Structure to create two cases: a case to continue if an origin is found in the request and a case to do nothing if an origin is not found in the request.

Note Web browsers in a same-origin configuration and HTTP clients outside of web browsers may not have an Origin header in the request. These should be handled by the web resource.
1378
Define how to filter the origins you want to access your web resources. Some common implementations include the following:
  • Have a strict list of origins to check against
  • Check for a prefix on the origin, such as http://localhost
  • Use the LabVIEW Web Service Request and Read Request Variable to check for additional information, such as Remote Address

Use a Case Structure to create two cases: a case continue if the origin passes the filter you implement and a case to do nothing if the origin does not pass the filter.
1378

Set HTTP Header sets the HTTP header value in response to a request.

Use the headerAccess-Control-Allow-Origin to indicate if the origin making the request can access the response of your Web Service VI.

The header value populates with the origin the filter approves.
Note The wildcard (*) value is not valid for credentialed cross-origin requests. You must choose a filtered origin.
1378

Set HTTP Header sets the HTTP header value in response to a request.

Use the headerAccess-Control-Allow-Credentials to indicate if the origin making the request can access the response of your Web Service VI and accept credentialed information, such as cookies.

Use the header valuetrue to allow the filtered origin to access your Web Service VI.

You must make a corresponding change in the Configure CORS node in your WebVI. See Sending a Credentialed Cross-Origin HTTP Request for more information.
1378

Add code that only functions if the origin has supported credentials defined in the request.

The code above uses session VIs that require browser cookies to function.

Troubleshooting

If you encounter errors, try the following troubleshooting strategies:
  • Check the implementation of your filter for errors.
  • Verify the header is correct for each Set HTTP Header.
  • Check the implementation of the Configure CORS node in your WebVI.