Thanks Michele, although is an old post you saved my day!! :-)
Le mercredi 26 octobre 2016 22:01:06 UTC+2, mcm a écrit :
>
> You can do that easily in web2py...
>
> Below is a sample of a decorator that allows any origin.
> Change it to fit your needs.
>
> You can use in a controller like:
>
> @cors_allow
> def action():
> .
> .
> .
> return dict(...)
>
> ------------------
>
> def cors_origin():
> origin = request.env.http_origin
> headers = {}
> headers['Access-Control-Allow-Origin'] = origin
>
> headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, HEAD,
> PUT'
> headers['Access-Control-Allow-Headers'] =
> 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept'
> headers['Access-Control-Allow-Credentials'] = 'true';
> response.headers.update(headers)
>
> if request.env.request_method == 'OPTIONS':
> headers['Content-Type'] = None
> raise HTTP(200, '', **headers)
>
>
> def cors_allow(action):
>
> def f(*args, **kwargs):
> cors_origin()
> return action(*args, **kwargs)
>
> f.__doc__ = action.__doc__
> f.__name__ = action.__name__
> f.__dict__.update(action.__dict__)
>
> return f
>
>
> 2016-10-26 20:19 GMT+02:00 Spokes <[email protected] <javascript:>>:
>
>> This isn't necessarily a web2py-specific question, but perhaps there's a
>> web2py-specific solution that's preferable to other solutions, so I thought
>> I'd ask it here.
>>
>> I have some HTML code and javascript, which I'd like to be able to paste
>> into any website, and which should access an API endpoint on a web2py
>> server. The web2py application is running on an nginx server.
>>
>> The javascript portion of the client code snippet is as follows:
>>
>> <script>
>> $(document).on("click", "button", function(e){
>> ...
>> var xhr = new XMLHttpRequest();
>> xhr.open("POST", "https://myurl.com/api/action/";
>> );
>> xhr.setRequestHeader("Content-Type",
>> "application/json");
>> var jsonStr = JSON.stringify({
>> Header:{Procedure:"..."},
>> Body: { ... }
>> });
>> xhr.send(jsonStr);
>> });
>> </script>
>>
>> When the button that triggers the above action is clicked, the following
>> error is generated (in Chrome):
>>
>> XMLHttpRequest cannot load https://myurl.com/api/action. Response to
>> preflight request doesn't pass access control check: No
>> 'Access-Control-Allow-Origin' header is present on the requested resource.
>> Origin 'http://127.0.0.1:8000' is therefore not allowed access.
>>
>> As I understand it, this issue can be resolved by enabling CORS in the
>> nginx settings <http://enable-cors.org/server_nginx.html>. However, I'd
>> like to limit the modification to that one API function, which corresponds
>> to the application/controller/function combo, "[MyApplication]/api/action".
>> I'd appreciate recommendations on how to do this within the context of
>> web2py running on nginx. Alternatively, is there a modification to the
>> client javascript code (I'd like to keep the code small, so any
>> modification would have to not exceed a couple of lines) that would remedy
>> the problem? Thanks.
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
