CORS gets in a way calling management API from JavaScript?

[V Z]

I wanted to develop a visualizer that was similar to what is shipped with Rabbit, but better ;) I developed it in JavaScript, where I was calling Rabbit management API from JavaScript using XHR (ajax). 

It worked in IE but it did not work in Chrome. I suspect, it's because my script was served from http://foo.mycompany.com:8080 but Rabbit management API is on https://rabbit.mycompany.com:15672 -- protocol, host, and port are all different, although just one variation was sufficient to get in a way.

Assuming it's not doing this already, is there a way to instruct the management API to return the CORS headers (Access-Control-Allow-Origin, etc)?

[Michael Klishin]

I believe there is an issue for it. Without using a reverse proxy that alters response headers, probably not.

[Loïc Hoguin]

There was https://github.com/rabbitmq/rabbitmq-management/issues/3 but
it was closed. We fixed CORS in Web-STOMP but management still has
nothing AFAIK.

On 03/12/2016 10:10 PM, Michael Klishin wrote:
> I believe there is an issue for it. Without using a reverse proxy that
> alters response headers, probably not.
>
> On 12 mar 2016, at 17:04, V Z <uvzu...@gmail.com

> <mailto:uvzu...@gmail.com>> wrote:
>
>> Assuming it's not doing this already, is there a way to instruct the
>> management API to return the CORS headers
>> (Access-Control-Allow-Origin, etc)?
>

> --
> You received this message because you are subscribed to the Google
> Groups "rabbitmq-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to rabbitmq-user...@googlegroups.com
> <mailto:rabbitmq-user...@googlegroups.com>.
> To post to this group, send email to rabbitm...@googlegroups.com
> <mailto:rabbitm...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

--
Loïc Hoguin
http://ninenines.eu
Author of The Erlanger Playbook,
A book about software development using Erlang