Page 1 of 1

Control of Access-Control-Allow-Origin header

Posted: September 19th, 2017, 10:15 am
by twiceover
I'm writing a little web utility to hit the SAB API and get me some dashboard information. It works perfectly in IE, however Chrome (and FF) have a security setting that prevents cross domain requests. So when my utility (running on one server) hits the API (running on a different server), Chrome pukes up a security issue "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." This can be resolved by the SAB server allowing some control over the Access-Control-Allow-Origin header.

I'm sure this is an advanced setting that basically nobody would need, however it would be pretty darn useful for the API. In my searching I did find someone that forked SAB 5 or so years ago just to add this capability.

Thought I'd throw it out there. Thanks for the awesome work.

Re: Control of Access-Control-Allow-Origin header

Posted: October 19th, 2017, 2:48 pm
by shypike
Can you explain the details a bit more?
Or point to the fork?

Re: Control of Access-Control-Allow-Origin header

Posted: November 11th, 2017, 2:16 pm
by twiceover
I can't find that fork.

Here is a Reddit post of someone trying to do the same thing I am.

LINKhttps://www.reddit. com/r/javascript/comments/51sry6/need_some_help_with_js_and_api/?st=j9vookgr&sh=1ad106a9

More info on CORS:
LINKhttps://developer.mozilla. org/en-US/docs/Web/HTTP/CORS

Post from a few years ago:
LINKhttps://forums.sabnzbd. org/viewtopic.php?t=7072

New users aren't allowed to post links, so parse as you will.

Re: Control of Access-Control-Allow-Origin header

Posted: November 20th, 2017, 2:58 pm
by shypike
Quite a subject.
I'll see what I can do.

Re: Control of Access-Control-Allow-Origin header

Posted: November 20th, 2017, 3:37 pm
by shypike
Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.

Code: Select all

<!DOCTYPE html>
<html>

This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End

</html>
I open this from a local HTML text file.

Re: Control of Access-Control-Allow-Origin header

Posted: November 20th, 2017, 4:48 pm
by safihre
You need to do it via Javascript JSON calls, for example using jQuery's $.get()

Re: Control of Access-Control-Allow-Origin header

Posted: November 29th, 2017, 10:10 pm
by twiceover
shypike wrote: November 20th, 2017, 3:37 pm Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.

Code: Select all

<!DOCTYPE html>
<html>

This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End

</html>
I open this from a local HTML text file.
For what I'm trying to do I can't use iframe. I need to call for and get values from the API.

Re: Control of Access-Control-Allow-Origin header

Posted: November 29th, 2017, 10:11 pm
by twiceover
safihre wrote: November 20th, 2017, 4:48 pm You need to do it via Javascript JSON calls, for example using jQuery's $.get()
Hrm. I'll give it a try.

Re: Control of Access-Control-Allow-Origin header

Posted: April 27th, 2018, 10:45 pm
by hl2guide
When using jQuery's $.get() you still get the same result:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:9090/sabnzbd/.......

Please add the header to SAB:

Access-Control-Allow-Origin: *