Right, so CORS is basically a browser thing and thus my command line or mobile
app requests have all worked
So, I added in my virtual host apache configuration
Header set Access-Control-Allow-Origin "*"
But I’m not sure that’s allowing the headers through still?
Imagine a node.js server will just hit an API->JSON and I need to get a Key
privately from that request
I realize I’m just using those javascript fiddle editor things like postman or
whatever which I suppose isn’t entirely the same as a node.js request from a
server since I guess the request is coming out of the web page/browser in those
cases.
hmm…
> On Oct 3, 2020, at 11:46 AM, Samuel Pelletier <sam...@samkar.com> wrote:
>
> Hi Jesee,
>
> If your queries are crossing origins, you need to add CORS headers in your
> responses or on your server configuration.
>
> Those includes rules for allowed cookies and headers.
>
> I do not think they are required for same origin requests but this may be
> something added lately.
>
> Regards,
>
> Samuel
>
>> Le 3 oct. 2020 à 08:18, Jesse Tayler via Webobjects-dev
>> <webobjects-dev@lists.apple.com> a écrit :
>>
>>
>> I have relied on passing auth keys in headers from mobile apps and scripts.
>>
>> I can even stuff a header into a curl statement
>>
>> curl -H "Authorization: MY_PRIVATE_KEY"
>>
>> In WO I can simply ask
>>
>> request().headerForKey("Authorization”);
>>
>> And I get that key, always works as I’d expect
>>
>> now I’m testing some AJAX and I see a few things
>>
>> 1. It makes my header lowercase?
>> 2. I can print out all headers and all keys from WO and I can see my header
>> listed but I’m never able to read it? Even if I use lowercase or change keys
>> I never get a header in WO when I send it from AJAX
>>
>> How could this be?
>>
>> Is this some OTHER form of header or something?
>>
>>
>> I try a few ways to insert headers all to the same effect
>>
>>
>>
>> beforeSend: function (xhr) {
>> xhr.setRequestHeader ("Authorization", "MY_PRIVATE_KEY”);
>> },
>>
>>
>>
>>
>> Or--
>>
>>
>>
>> headers: {
>> "Authorization": "MY_PRIVATE_KEY”,
>> "my-second-header": "second value”
>> },
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/samuel%40samkar.com
>>
>> This email sent to sam...@samkar.com
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
