# Create New EHR using Postman - Rest Services

**Category:** [Platform](https://discourse.openehr.org/c/platform-implem/7)
**Created:** 2021-10-25 20:36 UTC
**Views:** 1634
**Replies:** 7
**URL:** https://discourse.openehr.org/t/create-new-ehr-using-postman-rest-services/1982

---

## Post #1 by @Jignesh_Prajapati

I am using below URL using POST method to create new EHR using Postman

http://HOST:8080/ehrbase/rest/openehr/v1/ehr

Error Response:
**{**
**    "timestamp": "2021-10-25T20:21:56.827+00:00",**
**    "status": 500,**
**    "error": "Internal Server Error",**
**    "path": "/ehrbase/rest/openehr/v1/ehr"**
**}**

**Server side log having below exception:**
{"log":"2021-10-25 20:21:56.822 ERROR 10 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[.[dispatcherServlet]      : Servlet.service() for servlet [dispatcherServlet] in context with path [/ehrbase] threw exception\n","stream":"stdout","time":"2021-10-25T20:21:56.823289692Z"}
{"log":"\n","stream":"stdout","time":"2021-10-25T20:21:56.823429101Z"}
{"log":"java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value \"*\" since that cannot be set on the \"Access-Control-Allow-Origin\" response header. To allow credentials to a set of origins, list them explicitly or consider using \"allowedOriginPatterns\" instead.\n","stream":"stdout","time":"2021-10-25T20:21:56.823439121Z"}
{"log":"\u0009at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)\n","stream":"stdout","time":"2021-10-25T20:21:56.823445276Z"}
{"log":"\u0009at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577)\n","stream":"stdout","time":"2021-10-25T20:21:56.823450779Z"}
{"log":"\u0009at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174)\n","stream":"stdout","time":"2021-10-25T20:21:56.823457152Z"}
{"log":"\u0009at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116)\n","stream":"stdout","time":"2021-10-25T20:21:56.823463586Z"}
{"log":"\u0009at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:95)\n","stream":"stdout","time":"2021-10-25T20:21:56.82346992Z"}
{"log":"\u0009at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:87)\n","stream":"stdout","time":"2021-10-25T20:21:56.823476755Z"}
{"log":"\u0009at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n"

---

## Post #2 by @Jignesh_Prajapati

Hi Friends

Can someone help me why am I getting above error?

Regards
Jignesh

---

## Post #3 by @Dileep_V_S

Please post the curl command that you are using. You can get it from your postman

regards

---

## Post #4 by @yampeku

Hello Jignesh,
This seems to be a CORS error, as indicated in your log
[quote="Jignesh_Prajapati, post:1, topic:1982"]
When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead
[/quote]
Have you tried accessing the server from the same domain? you could try to add the suggested headers if you are not able to access it directly

---

## Post #5 by @ian.mcnicoll

Hi Jignesh,

It look as if your http Headers are wrong 

```
curl --location --request POST 'https://myUrlRoot/rest/openehr/v1/ehr/' \

--header 'Accept: application/json' \

--header 'Content-Type: application/json' \

--header 'Prefer: return=representation' \

--header 'Authorization: Basic  *** \

```

---

## Post #6 by @Lars

Hi. Not sure if I'm breaking forum guidelines here, but I have a similar problem. I've got the ehrbase and a web application behind an nxing, to place both on port 80 (thinking that this would avoid CORS-problems). But I seem to get the same error message on the server as the original poster. Did you find a fix? 

java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
        at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)
        at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577)
        at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174)

The javascript-code that makes the call is at https://bitbucket.org/larsie/openehr-test/src/master/src/app/openehr.service.ts 

I've tried putting the API on various places, including /ehrbase and /lab/ehrbase (the html application is on /lab)

I'm a total noob on OpenEHR and EHRBase, so please forgive me if my question is very stupid. It seems as the CORS configuration isn't working with my setup. I used the prebuilt images with 'docker compose', but maybe I have to change to code to my URLs and then build myself?

---

## Post #7 by @birger.haarbrandt

Hi Lars, 

welcome to the forum! This is the right place to discuss these technical questions. Can you please check if this has already an issue in the tracker on EHRbase GitHub? https://github.com/ehrbase/ehrbase/issues 

Looks like there is one issue that could be related, but not sure: https://github.com/ehrbase/ehrbase/issues/669 

Anyways, the EHRbase team is still working on the 1.0 release and we are keen to identify and address any remaining issues with high priority.

---

## Post #8 by @Lars

Yes, this could very well be the same issue, though the bug-report doesn't seem to have the log from the server so I can't say for sure. There seems to have been a change in the spring CORS behaviour lately that has caused this type of problem in other systems also. 

I was half way into writing a bug report, but with these CORS issues it's difficult to find out if the problem is on my client end, the nginx proxy in the middle or the server. Earlier I've always managed to work around the CORS behaviour by collecting the web app and apis on a single domain through an nginx node, so I'm really not sure where the problem is. But since there's been a recent change in the spring framework related to CORS that could be the culprit (see for example https://stackoverflow.com/questions/64892592/cors-enabled-in-spring-boot-with-angular-still-cors-errors). It also won't appear if you turn off authentication, which I guess many people do while testing. Since CORS behaviour is less strict when there is no authentication. I "fixed" my server by turning off authentication.

I'll link this post into the existing bug report, in case it helps.

---


**Canonical:** https://discourse.openehr.org/t/create-new-ehr-using-postman-rest-services/1982
**Original content:** https://discourse.openehr.org/t/create-new-ehr-using-postman-rest-services/1982