The Micro Focus Common Client (MFCC) is used by COBOL Web Service proxies and Enterprise Server CICS Web Interface (CWI) and CICS Web Services (CWS) clients to make HTTP requests for Web SOAP and JSON APIs and other HTTP-based resources.
Because of a Web security mechanism called the same-origin policy, Web browsers and servers use a mechanism called Cross-Origin
Resource Sharing (CORS) to authorize HTTP requests. CORS is a set of rules and protocols that HTTP servers use to decide whether
to allow a request.
MFCC and the programs that use it are not Web browsers, and so technically none of the requests they make are "cross-origin" —
each request is technically an "initial" request, and not made in the context of a previous request. However, servers do not
know that and so expect to see some CORS-related information in the request in some cases.
MFCC adds certain request headers by default and can be configured to omit or add headers or use particular values, as described
below.
In previous releases
Prior to Enterprise Developer 9.0, MFCC did not add any CORS headers. In Enterprise Developer 9.0, MFCC added the standard Origin header to all requests to satisfy the CORS requirement. This improved interoperability but resulted in problems with a minority of servers.
The CORS headers
MFCC currently supports three HTTP request headers associated with CORS:
- Origin
- This header identifies the origin of a request. Because every request from MFCC is technically an initial request, MFCC by default sets this to the server which the request is being sent to, except for GET and HEAD requests, which omit it. This follows the use of the Origin header as prescribed by the Fetch specification. See https://fetch.spec.whatwg.org/ for more information.
- Referer
- Referer is a longstanding standard HTTP header which is set by browsers to indicate the source of the URL for the request. For example, when a user clicks a link on a web page, the request for that resource will typically include a Referer header with the URL for the page containing the link. Since MFCC and its applications are not browsers, there technically is no referrer and so no Referer header should be sent, and MFCC omits this header by default. Some servers might incorrectly require it, so it is configurable.
Note: For historical reasons, the name of the header is misspelled.
- X-Requested-With
- This is a non-standard header (like all headers with names beginning with "X-"), but it is universally supported by browsers. HTTP requests made by scripts on a Web page include the header X-Requested-With: XMLHttpRequest. XMLHttpRequest is the name of the JavaScript API for making these requests. Some servers might insist on an X-Requested-With header for a Web API request. MFCC by default will send X-Requested-With: MFCC.
Configuration
MFCC's handling of the CORS headers can be customized by editing the mf-client.dat file in the bin directory of your product installation, or the file specified by the MFC_CONFIG environment variable, if it is set.
Syntax:
[HTTP Headers]
Origin=origin-option
Referer=referer-option
X-Requested-With=x-requested-with-option
Where:
- origin-option
- This can be one of the following options:
  - none
  - Never add an Origin header.
  - null
  - Add Origin: null to non-GET/HEAD requests. This is a special value, described in the specification.
  - standard
  - Add a standard Origin header (the scheme, host, and port part of the URL) to non-GET/HEAD requests.
  - default
  - Same as standard.
  - always
  - Always add a standard Origin header, including to GET/HEAD requests. This is the same as the behavior in 9.0.
  - literal:value
  - Always add Origin: value to requests.
- referer-option
- This can be one of the following options:
  - none
  - Do not add a Referer header.
  - default
  - Same as none.
  - origin
  - Add a Referer header with scheme://host[:port], that is, the same value used for the Origin header.
  - standard
  - Add Referer: scheme://host[:port]/path.
  - literal:value
  - Add Referer: value.
- x-requested-with-option
- This can be one of the following options:
  - none
  - Do not add an X-Requested-With header.
  - default
  - Add X-Requested-With: MFCC.
  - standard
  - Add X-Requested-With: XMLHttpRequest.
  - literal:value
  - Add X-Requested-With: value.
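
To preview which headers a given [HTTP Headers] section produces for a request, the option rules above can be modelled in a few lines of Python. This is an added example, not Micro Focus code or MFCC's implementation; the names cors_headers and SAMPLE are hypothetical. It assumes the file parses as INI-style text, that a missing key means default, that option names are matched exactly as written above, and that the standard Referer value excludes the query string.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample mf-client.dat content (values chosen for illustration).
SAMPLE = """[HTTP Headers]
Origin=always
Referer=standard
X-Requested-With=none
"""

def cors_headers(config_text, method, url):
    """Model of the documented rules: headers added for one request."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                      # keep header names as written
    cp.read_string(config_text)
    opts = cp["HTTP Headers"] if cp.has_section("HTTP Headers") else {}
    parts = urlsplit(url)
    origin = f"{parts.scheme}://{parts.netloc.rpartition('@')[2]}"
    not_get_head = method.upper() not in ("GET", "HEAD")

    # Per header: option name -> value to send (None means omit the header).
    table = {
        "Origin": {
            "none": None,
            "null": "null" if not_get_head else None,
            "standard": origin if not_get_head else None,
            "default": origin if not_get_head else None,
            "always": origin,
        },
        "Referer": {
            "none": None, "default": None, "origin": origin,
            "standard": origin + (parts.path or "/"),  # assumption: no query
        },
        "X-Requested-With": {
            "none": None, "default": "MFCC", "standard": "XMLHttpRequest",
        },
    }
    headers = {}
    for name, choices in table.items():
        opt = opts.get(name, "default")       # assumption: missing key = default
        if opt.startswith("literal:"):
            value = opt[len("literal:"):]     # literal values apply to every method
        elif opt in choices:
            value = choices[opt]
        else:
            raise ValueError(f"unknown {name} option: {opt!r}")  # model's choice
        if value is not None:
            headers[name] = value
    return headers
```

Calling cors_headers(SAMPLE, "GET", url) shows the 9.0-style behavior (Origin on GET requests), while an empty configuration shows the current defaults.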