Home Support NI Product Manuals LabVIEW NXG 5.1 Web Module Manual

Table Of Contents

Configure a LabVIEW Web Service CORS for Credentialed Access

Download Manual | Offline Viewer Required
Version:
Last Modified: November 16, 2020

Configure CORS to allow specific origins you define, well-known origins, and origins with credentials access to your WebVI resources.

spd-note-note
Note  

The following content only applies to LabVIEW Web Services deployed to the LabVIEW Application Web Server. NI recommends deploying LabVIEW Web Services to the NI Web Server instead.

What to Use

You can find the Web Services API on the Connectivity palette in LabVIEW.
spd-note-note
Note  

LabVIEW NXG does not support creating web services.

  • LabVIEW Web Service Request
  • Read Request Variable
  • Set HTTP Header

What to Do

Create the following diagram in a Web Resources VI to configure a LabVIEW Web Service to allow CORS with specific or well-known origins and origins with credentials.

Customize the gray sections for your unique programming goals.

A new Web Resources VI automatically adds the LabVIEW Web Service Request class to the block diagram and terminal pane.

Read Request Variable checks the request for the variable you define.

To check the origin of the request, enter Origin for the value of variable.

Use a Case Structure to create two cases: a case to continue if an origin is found in the request and a case to do nothing if an origin is not found in the request.

spd-note-note
Note  

Web browsers in a same-origin configuration and HTTP clients outside of web browsers may not have an Origin header in the request. These should be handled by the web resource.

Define how to filter the origins you want to access your web resources. Some common implementations include the following:
  • Have a strict list of origins to check against
  • Check for a prefix on the origin, such as http://localhost
  • Use the LabVIEW Web Service Request and Read Request Variable to check for additional information, such as Remote Address

Use a Case Structure to create two cases: a case continue if the origin passes the filter you implement and a case to do nothing if the origin does not pass the filter.

Set HTTP Header sets the HTTP header value in response to a request.

Use the header Access-Control-Allow-Origin to indicate if the origin making the request can access the response of your Web Service VI.

The header value populates with the origin the filter approves.
spd-note-note
Note  

The wildcard (*) value is not valid for credentialed cross-origin requests. You must choose a filtered origin.

Set HTTP Header sets the HTTP header value in response to a request.

Use the header Access-Control-Allow-Credentials to indicate if the origin making the request can access the response of your Web Service VI and accept credentialed information, such as cookies.

Use the header value true to allow the filtered origin to access your Web Service VI.

You must make a corresponding change in the Configure CORS node in your WebVI. See Sending a Credentialed Cross-Origin HTTP Request for more information.

Add code that only functions if the origin has supported credentials defined in the request.

The code above uses session VIs that require browser cookies to function.

Troubleshooting

If you encounter errors, try the following troubleshooting strategies:
  • Check the implementation of your filter for errors.
  • Verify the header is correct for each Set HTTP Header.
  • Check the implementation of the Configure CORS node in your WebVI.

Related Topics

Recently Viewed Topics