Rest API Cross-origin resource sharing (CORS) #146

pvk-developer · 2019-05-31T08:50:17Z

ATM version: 0.2.0 / and previous
Python version: 3.6
Operating System: Ubuntu 18.04

Description

When you launch an ajax call to the REST API, you are getting blocked by CORS because there is a missing header.

What I Did

Create an dataset.
Launch the worker to populate the database.
Start an ATM API server.
Launch an ajax GET call to the API.

Then you are being blocked by CORS policy:

Access to XMLHttpRequest at 'http://127.0.0.1:5000/api/datasets/1' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Solution

In order to solve this problem, CORS headers for Access-Control-Allow-Origin and Access-Control-Allow-Credentials must be added to the response for each request:

    # Allow the CORS header
    @app.after_request
    def add_cors_headers(response):
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Credentials'] = 'true'
        return response

The text was updated successfully, but these errors were encountered:

pvk-developer mentioned this issue May 31, 2019

Issue 146 Rest Api CORS #147

Merged

pvk-developer self-assigned this Jun 10, 2019

csala closed this as completed in #147 Jun 19, 2019

csala added this to the 0.2.1 milestone Jun 19, 2019

csala added the enhancement label Jun 19, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rest API Cross-origin resource sharing (CORS) #146

Rest API Cross-origin resource sharing (CORS) #146

pvk-developer commented May 31, 2019

Rest API Cross-origin resource sharing (CORS) #146

Rest API Cross-origin resource sharing (CORS) #146

Comments

pvk-developer commented May 31, 2019

Description

What I Did

Solution