Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No 'Access-Control-Allow-Origin' header is present on the requested resource #2818

Open
nicolahinssen opened this Issue Mar 28, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@nicolahinssen
Copy link

commented Mar 28, 2018

Jackett version: 0.8.815.0
Mono version: 5.10.0


Hi,

I'm trying to write a simple web app, which sends HTTP requests to the Jackett API. With each GET request I get the error:
Failed to load http://IPADDRESS:9117/api/v2.0/indexers/all/results?apikey=APIKEY&Query=test&_=1522221130657: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://IPADDRESS' is therefore not allowed access.

Of course I've done some Googling and the problem seems to be the Cross-Origin Resource Sharing mechanism. The solution is to set the Access-Control-Allow-Origin header for every response from the Jackett server to my web app IP address.

How can I accomplish this?

Thanks!

@nicolahinssen

This comment has been minimized.

Copy link
Author

commented Mar 28, 2018

Closing this issue already. Got it working with a reverse proxy using Apache. With this config:

<Location /jackett>
    ProxyPreserveHost On
    Header set Access-Control-Allow-Origin "*"
    RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
    ProxyPass http://127.0.0.1:9117
    ProxyPassReverse http://127.0.0.1:9117
</Location>

@kaso17 kaso17 added the Enhancement label Apr 17, 2018

@kaso17 kaso17 reopened this Apr 17, 2018

@kaso17

This comment has been minimized.

Copy link
Contributor

commented Apr 17, 2018

Reopening this as an enhancement request.

We should add an option to set the header correctly.

Simply setting Access-Control-Allow-Origin to * is a bad idea. This will allow any other website to steal cookies, passkeys, etc. from jackett via cross site scripting. You should set it to the corresponding URL used by your application.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.