Page 1 of 1
Control of Access-Control-Allow-Origin header
Posted: September 19th, 2017, 10:15 am
by twiceover
I'm writing a little web utility to hit the SAB API and get me some dashboard information. It works perfectly in IE, however Chrome (and FF) have a security setting that prevents cross domain requests. So when my utility (running on one server) hits the API (running on a different server), Chrome pukes up a security issue "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." This can be resolved by the SAB server allowing some control over the Access-Control-Allow-Origin header.
I'm sure this is an advanced setting that basically nobody would need, however it would be pretty darn useful for the API. In my searching I did find someone that forked SAB 5 or so years ago just to add this capability.
Thought I'd throw it out there. Thanks for the awesome work.
Re: Control of Access-Control-Allow-Origin header
Posted: October 19th, 2017, 2:48 pm
by shypike
Can you explain the details a bit more?
Or point to the fork?
Re: Control of Access-Control-Allow-Origin header
Posted: November 11th, 2017, 2:16 pm
by twiceover
I can't find that fork.
Here is a Reddit post of someone trying to do the same thing I am.
LINKhttps://
www.reddit. com/r/javascript/comments/51sry6/need_some_help_with_js_and_api/?st=j9vookgr&sh=1ad106a9
More info on CORS:
LINKhttps://developer.mozilla. org/en-US/docs/Web/HTTP/CORS
Post from a few years ago:
LINKhttps://forums.sabnzbd. org/viewtopic.php?t=7072
New users aren't allowed to post links, so parse as you will.
Re: Control of Access-Control-Allow-Origin header
Posted: November 20th, 2017, 2:58 pm
by shypike
Quite a subject.
I'll see what I can do.
Re: Control of Access-Control-Allow-Origin header
Posted: November 20th, 2017, 3:37 pm
by shypike
Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.
Code: Select all
<!DOCTYPE html>
<html>
This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End
</html>
I open this from a local HTML text file.
Re: Control of Access-Control-Allow-Origin header
Posted: November 20th, 2017, 4:48 pm
by safihre
You need to do it via Javascript JSON calls, for example using jQuery's $.get()
Re: Control of Access-Control-Allow-Origin header
Posted: November 29th, 2017, 10:10 pm
by twiceover
shypike wrote: ↑November 20th, 2017, 3:37 pm
Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.
Code: Select all
<!DOCTYPE html>
<html>
This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End
</html>
I open this from a local HTML text file.
For what I'm trying to do I can't use iframe. I need to call for and get values from the API.
Re: Control of Access-Control-Allow-Origin header
Posted: November 29th, 2017, 10:11 pm
by twiceover
safihre wrote: ↑November 20th, 2017, 4:48 pm
You need to do it via Javascript JSON calls, for example using jQuery's $.get()
Hrm. I'll give it a try.
Re: Control of Access-Control-Allow-Origin header
Posted: April 27th, 2018, 10:45 pm
by hl2guide
When using jQuery's $.get() you still get the same result:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
https://127.0.0.1:9090/sabnzbd/.......
Please add the header to SAB:
Access-Control-Allow-Origin: *