I'm writing a little web utility to hit the SAB API and get me some dashboard information. It works perfectly in IE, however Chrome (and FF) have a security setting that prevents cross domain requests. So when my utility (running on one server) hits the API (running on a different server), Chrome pukes up a security issue "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." This can be resolved by the SAB server allowing some control over the Access-Control-Allow-Origin header.
I'm sure this is an advanced setting that basically nobody would need, however it would be pretty darn useful for the API. In my searching I did find someone that forked SAB 5 or so years ago just to add this capability.
Thought I'd throw it out there. Thanks for the awesome work.
Control of Access-Control-Allow-Origin header
Re: Control of Access-Control-Allow-Origin header
Can you explain the details a bit more?
Or point to the fork?
Or point to the fork?
Re: Control of Access-Control-Allow-Origin header
I can't find that fork.
Here is a Reddit post of someone trying to do the same thing I am.
LINKhttps://www.reddit. com/r/javascript/comments/51sry6/need_some_help_with_js_and_api/?st=j9vookgr&sh=1ad106a9
More info on CORS:
LINKhttps://developer.mozilla. org/en-US/docs/Web/HTTP/CORS
Post from a few years ago:
LINKhttps://forums.sabnzbd. org/viewtopic.php?t=7072
New users aren't allowed to post links, so parse as you will.
Here is a Reddit post of someone trying to do the same thing I am.
LINKhttps://www.reddit. com/r/javascript/comments/51sry6/need_some_help_with_js_and_api/?st=j9vookgr&sh=1ad106a9
More info on CORS:
LINKhttps://developer.mozilla. org/en-US/docs/Web/HTTP/CORS
Post from a few years ago:
LINKhttps://forums.sabnzbd. org/viewtopic.php?t=7072
New users aren't allowed to post links, so parse as you will.
Re: Control of Access-Control-Allow-Origin header
Quite a subject.
I'll see what I can do.
I'll see what I can do.
Re: Control of Access-Control-Allow-Origin header
Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.
I open this from a local HTML text file.
I've made this very crude try and it works.
Code: Select all
<!DOCTYPE html>
<html>
This is the History:
<iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe>
End
</html>
Re: Control of Access-Control-Allow-Origin header
You need to do it via Javascript JSON calls, for example using jQuery's $.get()
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: Control of Access-Control-Allow-Origin header
For what I'm trying to do I can't use iframe. I need to call for and get values from the API.shypike wrote: ↑November 20th, 2017, 3:37 pm Can you show me how you refer to SABnzbd?
I've made this very crude try and it works.
I open this from a local HTML text file.Code: Select all
<!DOCTYPE html> <html> This is the History: <iframe src="https://MYSERVER .COM:8080/sabnzbd/rss?mode=history&apikey=MYAPIKEY" width="100%" height="2000" frameborder="0" scrolling="yes"></iframe> End </html>
Re: Control of Access-Control-Allow-Origin header
When using jQuery's $.get() you still get the same result:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:9090/sabnzbd/.......
Please add the header to SAB:
Access-Control-Allow-Origin: *
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:9090/sabnzbd/.......
Please add the header to SAB:
Access-Control-Allow-Origin: *