Control of Access-Control-Allow-Origin header

Want something added? Ask for it here.
Post Reply
twiceover
Newbie
Newbie
Posts: 4
Joined: September 19th, 2017, 9:55 am

Control of Access-Control-Allow-Origin header

Post by twiceover »

I'm writing a little web utility to hit the SAB API and get me some dashboard information. It works perfectly in IE, however Chrome (and FF) have a security setting that prevents cross domain requests. So when my utility (running on one server) hits the API (running on a different server), Chrome pukes up a security issue "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." This can be resolved by the SAB server allowing some control over the Access-Control-Allow-Origin header.

I'm sure this is an advanced setting that basically nobody would need, however it would be pretty darn useful for the API. In my searching I did find someone that forked SAB 5 or so years ago just to add this capability.

Thought I'd throw it out there. Thanks for the awesome work.
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Control of Access-Control-Allow-Origin header

Post by shypike »

Can you explain the details a bit more?
Or point to the fork?
twiceover
Newbie
Newbie
Posts: 4
Joined: September 19th, 2017, 9:55 am

Re: Control of Access-Control-Allow-Origin header

Post by twiceover »

I can't find that fork.

Here is a Reddit post of someone trying to do the same thing I am.

LINKhttps://www.reddit. com/r/javascript/comments/51sry6/need_some_help_with_js_and_api/?st=j9vookgr&sh=1ad106a9

More info on CORS:
LINKhttps://developer.mozilla. org/en-US/docs/Web/HTTP/CORS

Post from a few years ago:
LINKhttps://forums.sabnzbd. org/viewtopic.php?t=7072

New users aren't allowed to post links, so parse as you will.
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Control of Access-Control-Allow-Origin header

Post by shypike »

Quite a subject.
I'll see what I can do.
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Control of Access-Control-Allow-Origin header

Post by shypike »

Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.

Code: Select all

<!DOCTYPE html>
<html>

This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End

</html>
I open this from a local HTML text file.
User avatar
safihre
Administrator
Administrator
Posts: 5338
Joined: April 30th, 2015, 7:35 am
Contact:

Re: Control of Access-Control-Allow-Origin header

Post by safihre »

You need to do it via Javascript JSON calls, for example using jQuery's $.get()
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
twiceover
Newbie
Newbie
Posts: 4
Joined: September 19th, 2017, 9:55 am

Re: Control of Access-Control-Allow-Origin header

Post by twiceover »

shypike wrote: November 20th, 2017, 3:37 pm Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.

Code: Select all

<!DOCTYPE html>
<html>

This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End

</html>
I open this from a local HTML text file.
For what I'm trying to do I can't use iframe. I need to call for and get values from the API.
twiceover
Newbie
Newbie
Posts: 4
Joined: September 19th, 2017, 9:55 am

Re: Control of Access-Control-Allow-Origin header

Post by twiceover »

safihre wrote: November 20th, 2017, 4:48 pm You need to do it via Javascript JSON calls, for example using jQuery's $.get()
Hrm. I'll give it a try.
hl2guide
Jr. Member
Jr. Member
Posts: 71
Joined: August 31st, 2016, 3:17 am

Re: Control of Access-Control-Allow-Origin header

Post by hl2guide »

When using jQuery's $.get() you still get the same result:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:9090/sabnzbd/.......

Please add the header to SAB:

Access-Control-Allow-Origin: *
Post Reply