Problem with cherrypy and "same origin policy"


stefano tisi

Jul 20, 2019, 9:26:24 AM
to cherrypy-users
Hi people, do you want to make the world a better place? Greener, smarter and so on? So just help me with this problem and for sure this will be reality!!!

Joking aside, I ask you to help me because I have had this problem for two days, I can't find a solution, and the entire project is unusable.

I have a web site on "localhost" using an API provided by CherryPy on localhost:8085 (I must use the API to do this project). The simplified version of api.py is this (also in the attachments):

import random
import string
import cherrypy
import mysql.connector
import json

class FindMeAPI(object):
    exposed = True
    @cherrypy.tools.accept(media='text/plain')
    def GET (self, *uri, **params):
        return "stupid string 1"
       
    def POST (self, *uri, **params):
        return "stupid string 2"
   
    def DELETE (self, *uri, **params):
        return "stupid string 3"
       
       
def CORS():
    cherrypy.response.headers["Allow"] = "POST, GET, DELETE, OPTIONS"
    cherrypy.response.headers["Access-Control-Request-Headers"] = "x-requested-with"   
    cherrypy.response.headers["Access-Control-Allow-Origin"] = "*"
    cherrypy.response.headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept"
    cherrypy.response.headers["Content-Type"] = "application/json"
    print cherrypy.response.headers
   
if __name__ == '__main__':
    conf = {
        '/': {
            'request.dispatch': cherrypy.dispatch.MethodDispatcher(),
            'tools.sessions.on': True,
            'tools.response_headers.on': True,
            'tools.CORS.on': True,
            'tools.response_headers.headers': [('Content-Type', 'text/plain')],
            }
        }
   
    cherrypy.server.socket_host = '0.0.0.0'
    cherrypy.tools.CORS = cherrypy.Tool('before_handler', CORS)
    cherrypy.config.update({'server.socket_port': 8085})
    cherrypy.quickstart(FindMeAPI(), '/findme', conf)
   



I use Postman to check and... Yeee! It works!
But then I use AJAX in my HTML page to call the API (to make it easy I have now removed the content of the API and put just some strings as returned values) with this JavaScript code:




        function deleteTravel(){
            var xhttp_deleteTravel = new XMLHttpRequest();
            xhttp_deleteTravel.onreadystatechange = function() {
                if (this.readyState == 4 && this.status == 200) {
                    console.log("it works!");
                }
            }
            xhttp_deleteTravel.open("DELETE", "http://localhost:8085/findme", true);
            xhttp_deleteTravel.send();
        }




And what I get is this error message in console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8085/findme?id=10. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).[Learn More]
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8085/findme?id=10. (Reason: CORS request did not succeed).[Learn More]



Any idea to help me?

It works with the GET method but not with DELETE, even though they basically do the same thing. It seems that CherryPy is ignoring the line where I authorize the use of "DELETE".

Please, help me. Maybe the world wouldn't be smarter, but for me this task is very important.

api2.py

Edvin

Jul 20, 2019, 2:31:24 PM
to cherrypy-users
I had issues with POST methods and it was a combination of CORS and OPTION headers.
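
An added example, not part of any post in this thread: a simplified model of the check a browser applies to the cross-origin XHR from the first post, run against the headers its CORS() tool sets, including the OPTIONS preflight mentioned above. The origin `http://localhost`, the 405 preflight status and the corrected header set are constructed for illustration; the model covers only a credential-less request with no custom headers.

```python
# Added example: simplified model of a browser's CORS checks (Fetch standard)
# for a credential-less XHR with no custom request headers.
SAFELISTED = {"GET", "HEAD", "POST"}  # these methods need no preflight
ORIGIN = "http://localhost"           # assumed origin of the calling page

# Response headers exactly as the CORS() tool in the first post sets them.
POSTED = {
    "Allow": "POST, GET, DELETE, OPTIONS",
    "Access-Control-Request-Headers": "x-requested-with",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept",
    "Content-Type": "application/json",
}
# Constructed variant: the same headers plus the one a preflight actually reads.
CORRECTED = dict(POSTED, **{"Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS"})

def header(headers, name):
    """Case-insensitive header lookup; None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)

def origin_allowed(headers, origin):
    return header(headers, "Access-Control-Allow-Origin") in ("*", origin)

def browser_allows(method, origin, preflight_status, preflight_headers, response_headers):
    """Return (allowed, reason) the way the browser decides to expose the response."""
    if method not in SAFELISTED:
        # The browser first sends OPTIONS and inspects only that answer.
        if not 200 <= preflight_status <= 299:
            return False, "preflight status %d" % preflight_status
        if not origin_allowed(preflight_headers, origin):
            return False, "preflight lacks Access-Control-Allow-Origin"
        value = header(preflight_headers, "Access-Control-Allow-Methods") or ""
        methods = {m.strip() for m in value.split(",")}
        if method not in methods and "*" not in methods:
            return False, "method not in Access-Control-Allow-Methods"
    if not origin_allowed(response_headers, origin):
        return False, "response lacks Access-Control-Allow-Origin"
    return True, "ok"

if __name__ == "__main__":
    print(browser_allows("GET", ORIGIN, 0, {}, POSTED))
    print(browser_allows("DELETE", ORIGIN, 200, POSTED, POSTED))
    print(browser_allows("DELETE", ORIGIN, 405, {}, POSTED))   # constructed: OPTIONS rejected
    print(browser_allows("DELETE", ORIGIN, 200, CORRECTED, CORRECTED))
```

`Allow` is not consulted by the CORS check, and `Access-Control-Request-Headers` is a request header the browser sends, so neither one authorizes DELETE.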

Musiitwa Edmond

Jul 22, 2019, 3:03:05 AM
to cherryp...@googlegroups.com
I have had the same problem before, when I was developing my backend for a React app with Python Flask, and the first quick fix I got was installing a "CORS" browser extension. But this is not a permanent solution, since the users of your app would have to run the extension when using the app, and the extension messes with some services like YouTube, making this solution not so reliable.

I didn't do any further research on how to fix it in Python, but I am certain using frameworks like Django can be of help, and if worst comes to worst, you can decide to develop your API in JavaScript; very many JS frameworks already take care of this.

My personal favorite is ExpressJS but you can check this link for more alternatives.
https://www.tecmint.com/best-nodejs-frameworks-for-developers/ 

Hope this helps if you are still stuck 
 
