cljs-http with CORS problem...

[Thomas]

Hi Everyone,

I am trying to build a little cljs app and I want to call a REST API that potentially will run on a different machine (testing with localhost at the moment).

I am using the cljs-http library which seems to be quite easy to use. But I get the following error when I do a GET call:

XMLHttpRequest cannot load https://localhost:9443/path/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

When I do the same call however from a normal browser window or with Poster I do get a good response.

Any idea how I can avoid it? I did bit of Googling and the error is related to Cross Origin Resources, but couldn't find a solution :(( Any ideas how to avoid this?

Thanks in advance!!!

Thomas

[Julien Eluard]

Hi,

make sure the web server you are interacting with sets the right CORS headers in the response.

If you control it you can find more info here: http://enable-cors.org/server.html

Julien

--
Note that posts from new members are moderated - please be patient with your first post.
---
You received this message because you are subscribed to the Google Groups "ClojureScript" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clojurescrip...@googlegroups.com.
To post to this group, send email to clojur...@googlegroups.com.
Visit this group at http://groups.google.com/group/clojurescript.

[Don Jackson]

On Feb 13, 2014, at 1:57 PM, Julien Eluard <julien...@gmail.com> wrote:

make sure the web server you are interacting with sets the right CORS headers in the response.

If you control it you can find more info here: http://enable-cors.org/server.html

Le 13 févr. 2014 à 18:40, Thomas <th.van...@gmail.com> a écrit :

I am trying to build a little cljs app and I want to call a REST API that potentially will run on a different machine (testing with localhost at the moment).
I am using the cljs-http library which seems to be quite easy to use. But I get the following error when I do a GET call:
XMLHttpRequest cannot load https://localhost:9443/path/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.  
When I do the same call however from a normal browser window or with Poster I do get a good response.
Any idea how I can avoid it? I did bit of Googling and the error is related to Cross Origin Resources, but couldn't find a solution :((  Any ideas how to avoid this?

Julien is correct, the right way to solve this issue is to have the server you are attempting to access via XMLHttpRequest return CORS headers.

Since I control the remote web server, I was able to add the CORS headers.

I spent a day or two this week on exactly this issue, and there is plenty of information available out there about which headers are required and why.

I recommend keeping a close eye on your browser console while you test this, it took me a couple of iterations to get it all correct.

And some browsers/dev-tools provide very complete error messages when you get it wrong, but unfortunately I do not recall which browser/tool I ended up using at the moment.

I am not certain, but I would guess that the reason you can access the remote server from another browser window is that when you do so, your browser is reporting its hostname as

something other than localhost, and possibly the remote server doesn’t accept CORS requests from localhost.  Just yesterday I learned a trick

that can help in situations like this, add an entry to your /etc/hosts file, something like this:

127.0.0.1 foo.example.com

Then, instead of accessing  https://localhost:9443/path, try  http://foo.example.com:9443/path

Your app should load from your local machine as usual, but when you execute XMLHttpRequest, it should report its hostname

as specified above, which *might* solve your problem, but I am not certain.

Another approach you can take is to configure your browser to disable its same-origin policy, this is OK in development, but

you cannot expect your users to do this.  If you choose this route, you may find these links helpful:

How to: Disable Same-Origin Policy in Chrome | Joshua McGinnis

Disable firefox same origin policy - Stack Overflow

Good luck!

Don