RE: [interfacing-with-aeries] CORS Error Access-Allow-Origen on Aeries Demo site

[Camden Iliff]

Could this me something with your school's network?  This isn't an error from the Aeries system.

 

Camden Iliff

Vice President of Product Aeries® Student Information System

 

770 The City Drive South, Suite 6500 Orange, CA 92868 Office: (888) 487-7555 www.aeries.com c...@aeries.com

 

 

From: interfacing...@googlegroups.com <interfacing...@googlegroups.com> On Behalf Of Programmer SMCHS
Sent: Tuesday, January 4, 2022 12:55 PM
To: Interfacing With Aeries <interfacing...@googlegroups.com>
Subject: [interfacing-with-aeries] CORS Error Access-Allow-Origen on Aeries Demo site

 

CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders.

I thought we were allowed to place GET requests to the demo database but I keep getting a cross domain errors from the demo site.  Can anyone help please?

 

Sample Request code:

$.ajax({
                url: "https://demo.aeries.net/aeries/api/v5/systeminfo",
                type: "GET",
                dataType: "json",
                data: {"AERIES-CERT": "477abe9e7d27439681d62f4e0de1f5e1"} ,

                success: function (stats) {
                    console.log(stats);
                },
                error: function(e){
                    console.log(e.responseText);
                }

            });

 

Error from the console: 

/index.html?#:1 Access to XMLHttpRequest at 'https://demo.aeries.net/aeries/api/v5/systeminfo?AERIES-CERT=477abe9e7d27439681d62f4e0de1f5e1' from origin 'http://vm-stf-eportaldev03.smhs.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

 

--
You received this message because you are subscribed to the Google Groups "Interfacing With Aeries" group.
To unsubscribe from this group and stop receiving emails from it, send an email to interfacing-with-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/interfacing-with-aeries/ade0b1f4-5da2-42fc-a795-5f223cd6985fn%40googlegroups.com.

[Programmer SMCHS]

I went through the documentation a bit closer.  Your not supposed to expose the CERT in front t side code.  In this instance nothing has been compromised because that CERT is public to begin with.  So I installed the AERIES-API Ruby gem (https://github.com/derekpovah/aeries-api) and that works.  However, it only works with with the Demo site, not with our instance of Aeries.net.  I suspect that the demo site allows cross domain requests.  To get this working on my own instance of Aeries.net, I would have to allow CORS or place the query form the same server/domain.  All-in-all I find ODBC access safer and better than the Aeries API, in terms of connectivity.  I haven't had a chance to explore all the methods in the Aeries API, but I can say that them MIT's Ruby Gem seems limited in its initial scope.  

Anyway, we should probably close this thread since the answer is evident in the question - I should not have made my REST call exclusively front side.

[JD McKeel]

It should not be necessary to make the call from the same server/domain.  I do believe the difference is in the front-end nature of your request, which violated the CORS policy.

For instance, we  use Postman to test and troubleshoot the API all the time, and the numerous vendors who successfully use the API are outside the domain, of course.

Hope you are successful going forward.

---

From: interfacing...@googlegroups.com <interfacing...@googlegroups.com> on behalf of Programmer SMCHS <programm...@gmail.com>
Sent: Monday, January 10, 2022 9:03 AM

To: Interfacing With Aeries <interfacing...@googlegroups.com>

Subject: Re: [interfacing-with-aeries] CORS Error Access-Allow-Origen on Aeries Demo site

 

To view this discussion on the web visit https://groups.google.com/d/msgid/interfacing-with-aeries/b6ca9d5a-9d37-47e0-8731-210f88d06442n%40googlegroups.com.