Access-Control-Allow-Origin problem
308 views
Skip to first unread message
pat grady
Jun 5, 2013, 4:34:13 PM6/5/13
to app-...@googlegroups.com
Hi,
My company has an API that enforces Access-Control. I can't change that policy.
So, I created an API proxy for the service using the APIGEE Gateway/Platform thing.
I checked the "Enable Direct Browser Access for Your API — Allow direct requests from a browser via CORS" button when setting up the proxy, and it created a policy called "Add CORS"
The proxy endpoint works great in the Apigee.com/Console however I cannot get my JS+HTML5 app to work:
XMLHttpRequest cannot load http://theproxyapi-test.apigee.net/v1/doStuff. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
Any tips?
thanks!
pat
he...@apigee.com
Jun 5, 2013, 6:48:34 PM6/5/13
to app-...@googlegroups.com
I’m using a tool to parse my email and help me track your questions better. Please reply above this line to make sure it captures everything correctly :)
Hi Pat, good question. Can you use the web inspector in a browser and tell me what the value is for the Allow-Access-Control-Origin header on the response?
Also, it would help to know which environment you are testing this in. Are you in PhoneGap/Cordova or testing from a browser? Knowing which one and which version would help :)
Cheers,
Tim
Message has been deleted
pat grady
Jun 6, 2013, 2:52:25 PM6/6/13
to app-...@googlegroups.com
I found a work-around by creating a proxy PHP page on my server to act as a go between my webapp and the apigee API. not really what I was looking for, but it is working!
On Thu, Jun 6, 2013 at 11:14 AM, pat grady <pat....@gmail.com> wrote:
Hi Tim,I'm using Google Chrome : Version 27.0.1453.94 mHere is my request:
- GET http://wfm4sqcontests-test.apigee.net/v1/stores?access_token=0sl3oq6UYSzCJ7SfmeRDNngmTRb0&limit=1000 HTTP/1.1 Pragma: no-cache Accept: */* Referer: http://localhost/ Origin: http://localhost Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36
there is no response, the browser blocks it:
XMLHttpRequest cannot load http://wfm4sqcontests-test.apigee.net/v1/stores?access_token=0sl3oq6UYSzCJ7SfmeRDNngmTRb0&limit=1000. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
I'm just checking the TRACE function now, and I'm realizing that this is just my browser misbehaving... I'm not sure how to correct/fix this without disabling the browser security, but that is not an option for my users.This is the response that TRACE is telling me Apigee is sending for the request (which the browser never receives this response)
- Access-Control-Allow-Headers: origin
- Access-Control-Allow-Origin: *.wfm.pvt
- Date: Thu, 06 Jun 2013 16:11:16 GMT
- Content-Length: 315335
- Access-Control-Max-Age: 3628800
- Set-Cookie: CAKEPHP=lir6q4ks36b5nm2i4d2kbamsh4; expires=Thu
- Access-Control-Allow-Methods: GET
- Connection: keep-alive
- Content-Type: application/json
- Server: nginx/1.1.19
- X-Powered-By: PHP/5.3.10-1ubuntu3.6
--
You received this message because you are subscribed to a topic in the Google Groups "App Craft" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/app-craft/P33YH7Cmj8A/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email to app-craft+...@googlegroups.com.
To post to this group, send email to app-...@googlegroups.com.
Visit this group at http://groups.google.com/group/app-craft?hl=en.
Reply all
Reply to author
Forward
0 new messages