Thanks, Michele; that worked like a charm! The only issue is that request.vars is empty - any idea as to what could be causing that?
On Wednesday, October 26, 2016 at 4:01:06 PM UTC-4, mcm wrote: > > You can do that easily in web2py... > > Below is a sample of a decorator that allows any origin. > Change it to fit your needs. > > You can use in a controller like: > > @cors_allow > def action(): > . > . > . > return dict(...) > > ------------------ > > def cors_origin(): > origin = request.env.http_origin > headers = {} > headers['Access-Control-Allow-Origin'] = origin > > headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, HEAD, > PUT' > headers['Access-Control-Allow-Headers'] = > 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept' > headers['Access-Control-Allow-Credentials'] = 'true'; > response.headers.update(headers) > > if request.env.request_method == 'OPTIONS': > headers['Content-Type'] = None > raise HTTP(200, '', **headers) > > > def cors_allow(action): > > def f(*args, **kwargs): > cors_origin() > return action(*args, **kwargs) > > f.__doc__ = action.__doc__ > f.__name__ = action.__name__ > f.__dict__.update(action.__dict__) > > return f > > > 2016-10-26 20:19 GMT+02:00 Spokes <spoke...@gmail.com <javascript:>>: > >> This isn't necessarily a web2py-specific question, but perhaps there's a >> web2py-specific solution that's preferable to other solutions, so I thought >> I'd ask it here. >> >> I have some HTML code and javascript, which I'd like to be able to paste >> into any website, and which should access an API endpoint on a web2py >> server. The web2py application is running on an nginx server. >> >> The javascript portion of the client code snippet is as follows: >> >> <script> >> $(document).on("click", "button", function(e){ >> ... >> var xhr = new XMLHttpRequest(); >> xhr.open("POST", "https://myurl.com/api/action/" >> ); >> xhr.setRequestHeader("Content-Type", >> "application/json"); >> var jsonStr = JSON.stringify({ >> Header:{Procedure:"..."}, >> Body: { ... } >> }); >> xhr.send(jsonStr); >> }); >> </script> >> >> When the button that triggers the above action is clicked, the following >> error is generated (in Chrome): >> >> XMLHttpRequest cannot load https://myurl.com/api/action. Response to >> preflight request doesn't pass access control check: No >> 'Access-Control-Allow-Origin' header is present on the requested resource. >> Origin 'http://127.0.0.1:8000' is therefore not allowed access. >> >> As I understand it, this issue can be resolved by enabling CORS in the >> nginx settings <http://enable-cors.org/server_nginx.html>. However, I'd >> like to limit the modification to that one API function, which corresponds >> to the application/controller/function combo, "[MyApplication]/api/action". >> I'd appreciate recommendations on how to do this within the context of >> web2py running on nginx. Alternatively, is there a modification to the >> client javascript code (I'd like to keep the code small, so any >> modification would have to not exceed a couple of lines) that would remedy >> the problem? Thanks. >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+un...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.