get information from sonarqube api with javascript

[lotje...@gmail.com]

I am trying to get information from sonarQube  for a widget on TFS. 

But when I to get information with javascript I get an error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405.

This is the code a used:

-----------------------------------------------------------------------------------

function a(){

var xhr = new XMLHttpRequest(); 

xhr.onreadystatechange = function() {

  if (this.readyState == 4 && this.status == 200) {

  document.getElementById("demo").innerHTML = this.responseText;

}

};

xhr.open("GET","local_Url/api/authentication/validate", true);

xhr.setRequestHeader("Authorization", "Basic " + btoa("[user]:[PASSWORD]"));

xhr.send();

}

-----------------------------------------------------------------------------------

It doesn't work with the TOKEN in the URL. Or with setRequestHeader("Authorization", "Basic " + btoa("[TOKEN]]"));

Is there anyone who can help me?

[Stas Vilchik]

Hello,

You're doing a cross-origin requests (CORS), which are not allowed by our server for security reasons.

To get some information from the server you must request api from you server, not from the browser.

Cheers,

[lotje...@gmail.com]

what do I need to change?

We have a local sonarqube. Only to be find by entering the local network?

On IE11 the code works, but in chrome of FF ik gives me an error:

Op donderdag 30 maart 2017 16:48:17 UTC+2 schreef Stas Vilchik:

[michael...@gmail.com]

Hey,

Did you ever figure out a solution for this?

I'm in the exact same scenario (trying to make a TFS widget).

[Stas Vilchik]

Hello,

You need to enable cross-origin requests (CORS) on your sonarqube server. See here how to do it depending on your web server.

Regards,

[michael...@gmail.com]

Hi Stas,

Thanks! I tried to do this but the server admins will not enable CORS. Do I have any other other options at this point?

Thanks,

Michael

[Stas Vilchik]

Hello,

If you don't enable CORS, then you have to proxy the request through the web server deployed on the same domain as your web app.

Regards,

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/FGWQWEdR_PU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/dff35c19-c367-4a8b-9520-a02b0ccd6f82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ionut....@gmail.com]

I don't get anymore "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405." but now the error refers to the OPTIONS verb being used.

OPTIONS http://<sonarqube host url>/api/duplications/show?key=<project key> gives me 405

How can I overcome this issue?

Thanks,

Ionut

[rahul...@gmail.com]

Hi,

Is there any option to disable CORS via properties within sonar?

I'm using ver 6.7.

Thanks

[Stas Vilchik]

Hello,

CORS is not enabled in the SonarQube server by default. So you don't need to do anything to keep it disabled.

Cheers,

Stas