Jesse,
I had to dig in the past to find out where I had this situation to handle.
There are few http headers to add on the server where the function are called.
Access-Control-Allow-Origin: origin addresses allowed to call the functions //
Access-Control-Allow-Credentials: true // if you need to have cookies
previously set.
Access-Control-Allow-Headers : headerList // Headers accepted in request (from
the javascript to server code)
Access-Control-Expose-Headers : headerList // Headers returned in responses
(from the server to javascript)
Regards,
Samuel
<add name="Access-Control-Allow-Origin"
value="https://web.kaviju.com"; />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers"
value="document,numberOfAnnotations,Range" />
<add name="Access-Control-Expose-Headers"
value="allowsDocumentSharing,addWatermarkToFiles,boardName,agendaDate,userName,Content-Range,Accept-Ranges"
/>
> Le 3 oct. 2020 à 12:06, Jesse Tayler <jtay...@oeinc.com> a écrit :
>
> Right, so CORS is basically a browser thing and thus my command line or
> mobile app requests have all worked
>
> So, I added in my virtual host apache configuration
>
> Header set Access-Control-Allow-Origin "*"
>
> But I’m not sure that’s allowing the headers through still?
>
> Imagine a node.js server will just hit an API->JSON and I need to get a Key
> privately from that request
>
> I realize I’m just using those javascript fiddle editor things like postman
> or whatever which I suppose isn’t entirely the same as a node.js request from
> a server since I guess the request is coming out of the web page/browser in
> those cases.
>
> hmm…
>
>
>> On Oct 3, 2020, at 11:46 AM, Samuel Pelletier <sam...@samkar.com
>> <mailto:sam...@samkar.com>> wrote:
>>
>> Hi Jesee,
>>
>> If your queries are crossing origins, you need to add CORS headers in your
>> responses or on your server configuration.
>>
>> Those includes rules for allowed cookies and headers.
>>
>> I do not think they are required for same origin requests but this may be
>> something added lately.
>>
>> Regards,
>>
>> Samuel
>>
>>> Le 3 oct. 2020 à 08:18, Jesse Tayler via Webobjects-dev
>>> <webobjects-dev@lists.apple.com <mailto:webobjects-dev@lists.apple.com>> a
>>> écrit :
>>>
>>>
>>> I have relied on passing auth keys in headers from mobile apps and scripts.
>>>
>>> I can even stuff a header into a curl statement
>>>
>>> curl -H "Authorization: MY_PRIVATE_KEY"
>>>
>>> In WO I can simply ask
>>>
>>> request().headerForKey("Authorization”);
>>>
>>> And I get that key, always works as I’d expect
>>>
>>> now I’m testing some AJAX and I see a few things
>>>
>>> 1. It makes my header lowercase?
>>> 2. I can print out all headers and all keys from WO and I can see my header
>>> listed but I’m never able to read it? Even if I use lowercase or change
>>> keys I never get a header in WO when I send it from AJAX
>>>
>>> How could this be?
>>>
>>> Is this some OTHER form of header or something?
>>>
>>>
>>> I try a few ways to insert headers all to the same effect
>>>
>>>
>>>
>>> beforeSend: function (xhr) {
>>> xhr.setRequestHeader ("Authorization", "MY_PRIVATE_KEY”);
>>> },
>>>
>>>
>>>
>>>
>>> Or--
>>>
>>>
>>>
>>> headers: {
>>> "Authorization": "MY_PRIVATE_KEY”,
>>> "my-second-header": "second value”
>>> },
>>>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com
>>> <mailto:Webobjects-dev@lists.apple.com>)
>>> Help/Unsubscribe/Update your Subscription:
>>> https://lists.apple.com/mailman/options/webobjects-dev/samuel%40samkar.com
>>> <https://lists.apple.com/mailman/options/webobjects-dev/samuel%40samkar.com>
>>>
>>> This email sent to sam...@samkar.com
>>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
