Access-Control-Allow-Origin #192

Closed
dbigham opened this Issue Nov 27, 2016 · 8 comments

Projects

None yet

3 participants

@dbigham
dbigham commented Nov 27, 2016

Hi,

I'd like to call your API from some JavaScript running on a webpage, but when I call your API I get this:

XMLHttpRequest cannot load http://melpon.org/wandbox/api/compile.json.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'null' is therefore not allowed access.

It appears that your web server is configured to disallow requests from web pages. Is that intentional?

@melpon
Owner
melpon commented Nov 28, 2016

Wandbox allows cross-origin.

$ cat test.json
{
  "code":"#include <iostream>\nint main() { std::cout << \"hoge\" << std::endl; }",
  "compiler": "gcc-head"
}
$ curl -v -H "Content-type: application/json" -d "`cat test.json`"  http://melpon.org/wandbox/api/compile.json                              
*   Trying 49.212.130.73...
* Connected to melpon.org (49.212.130.73) port 80 (#0)
> POST /wandbox/api/compile.json HTTP/1.1
> Host: melpon.org
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> Content-Length: 112
> 
* upload completely sent off: 112 out of 112 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Date: Mon, 28 Nov 2016 01:19:30 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: *             <---- here!
< X-Powered-By: CppCMS/1.0.4
< 
{
        "program_message" :     "hoge\n",
        "program_output" :      "hoge\n",
        "status" :      "0"
}
* Connection #0 to host melpon.org left intact

I don't know why can't read it from your webpage.

@fetus-hina
Contributor

@melpon
Firefox sends "preflight" before POST request. https://developer.mozilla.org/ja/docs/Web/HTTP/HTTP_access_control (ja)
(And that error message has a message "preflight request doesn't pass.")

Emulated:

[fetus@goya ~]$ curl -X OPTIONS http://melpon.org/wandbox/api/compile.json -v
* About to connect() to melpon.org port 80 (#0)
*   Trying 49.212.130.73...
* Connected to melpon.org (49.212.130.73) port 80 (#0)
> OPTIONS /wandbox/api/compile.json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: melpon.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Date: Mon, 28 Nov 2016 07:58:40 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Allow: OPTIONS, POST
< Status: 200 OK
< X-Powered-By: CppCMS/1.0.4
<
* Connection #0 to host melpon.org left intact

It looks no Access-Control-Allow-Origin in response header.

@melpon
Owner
melpon commented Nov 28, 2016

@fetus-hina Thank you for your information !
I understood what is an issue. I'll try to fix it.

@melpon melpon added a commit that referenced this issue Nov 28, 2016
@melpon fix CORS header issue (#192) 559307c
@melpon
Owner
melpon commented Nov 28, 2016

@dbigham I probably fixed. Please re-try to call the API.

@dbigham
dbigham commented Nov 28, 2016

@melpon, thanks for the quick turn-around! I'll give it a try when I get home from work.

@fetus-hina fetus-hina added a commit to fetus-hina/wandbox that referenced this issue Nov 28, 2016
@melpon @fetus-hina + fetus-hina fix CORS header issue (#192) eb32cbb
@dbigham
dbigham commented Nov 29, 2016 edited

I don't think it's fixed yet. That said, the error message is now different.

XMLHttpRequest cannot load http://melpon.org/wandbox/api/compile.json. 
Request header field Content-Type is not allowed by
Access-Control-Allow-Headers in preflight response.

Here's the JavaScript I'm using to make the HTTP POST:

	var http = new XMLHttpRequest();
	http.open("POST", server + path, true);
	http.onload = function (e) {
		if (http.readyState === 4) {
			if (http.status === 200) {
				onSuccess(http.responseText);
			} else {
				console.log(http.statusText);
				onErrror(http.statusText);
			}
		}
	};
	http.setRequestHeader('Content-Type', 'application/json');
	http.onerror = function(e) { console.log("HTTP error for: " + path); console.log(e); onError(e); };
	http.send(JSON.stringify(json));
@melpon
Owner
melpon commented Nov 29, 2016

I fixed.
Response to preflight request required Access-Control-Allow-Headers header.

@dbigham
dbigham commented Nov 30, 2016

That's working now, thanks!

@dbigham dbigham closed this Nov 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment