Right, so CORS is basically a browser thing and thus my command line or mobile app requests have all worked
So, I added in my virtual host apache configuration Header set Access-Control-Allow-Origin "*" But I’m not sure that’s allowing the headers through still? Imagine a node.js server will just hit an API->JSON and I need to get a Key privately from that request I realize I’m just using those javascript fiddle editor things like postman or whatever which I suppose isn’t entirely the same as a node.js request from a server since I guess the request is coming out of the web page/browser in those cases. hmm… > On Oct 3, 2020, at 11:46 AM, Samuel Pelletier <sam...@samkar.com> wrote: > > Hi Jesee, > > If your queries are crossing origins, you need to add CORS headers in your > responses or on your server configuration. > > Those includes rules for allowed cookies and headers. > > I do not think they are required for same origin requests but this may be > something added lately. > > Regards, > > Samuel > >> Le 3 oct. 2020 à 08:18, Jesse Tayler via Webobjects-dev >> <webobjects-dev@lists.apple.com> a écrit : >> >> >> I have relied on passing auth keys in headers from mobile apps and scripts. >> >> I can even stuff a header into a curl statement >> >> curl -H "Authorization: MY_PRIVATE_KEY" >> >> In WO I can simply ask >> >> request().headerForKey("Authorization”); >> >> And I get that key, always works as I’d expect >> >> now I’m testing some AJAX and I see a few things >> >> 1. It makes my header lowercase? >> 2. I can print out all headers and all keys from WO and I can see my header >> listed but I’m never able to read it? Even if I use lowercase or change keys >> I never get a header in WO when I send it from AJAX >> >> How could this be? >> >> Is this some OTHER form of header or something? >> >> >> I try a few ways to insert headers all to the same effect >> >> >> >> beforeSend: function (xhr) { >> xhr.setRequestHeader ("Authorization", "MY_PRIVATE_KEY”); >> }, >> >> >> >> >> Or-- >> >> >> >> headers: { >> "Authorization": "MY_PRIVATE_KEY”, >> "my-second-header": "second value” >> }, >> >> >> _______________________________________________ >> Do not post admin requests to the list. They will be ignored. >> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) >> Help/Unsubscribe/Update your Subscription: >> https://lists.apple.com/mailman/options/webobjects-dev/samuel%40samkar.com >> >> This email sent to sam...@samkar.com >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com