Access Control - Calling Agent from a web app

nigelibrown · February 11, 2013, 9:33am

When calling my Agent via POST from javascript on my website I am getting no response from Firefox and a warning each time from Explorer “This page is accessing information that is not under its control. This…” Can anyone explain the correct protocol for doing this please?

controlCloud · February 11, 2013, 10:10am

Assume you are running the web page from your web site then connecting to Agent? Do you run FireBug? Are you using a HTML Form POST or using JavaScript?

nigelibrown · February 11, 2013, 10:27am

My webpage is calling imp agent (not on same domain). I am using javascript. and I can invoke using:

XMLHttpRequest.open( “http://agent.electricimp.com/key”, “POST” )
XMLHttpRequest.setRequestHeader( “Origin”, “http://www.mywebdomain” )
XMLHttpRequest.setRequestHeader( “Content-Length”, “12” )
XMLHttpRequest.setRequestHeader( "Content-Type, “application/x-www-form-urlencoded” )
XMLHttpRequest.send(“temperature?”)

and in an agent I use:

    res.header( "Access-Control-Allow-Origin", "http://www.mywebdomain" );        
    res.header( "Access-Control-Allow-Methods", "POST" );
    res.header( "Access-Control-Allow-Headers", "Content-Type" );
    res.header( "Access-Control-Allow-Headers", "Content-length");
    res.send( 200, "The temperature at home is " + format( "%3.1fC", msg.temperature ) );

And this is partialy working in Firefox (no XML Headers returned), but gives warning in Explorer and then works.

controlCloud · February 11, 2013, 10:35am

Does using a wild card work?
res.header(“Access-Control-Allow-Origin: *”);
Have you missed the colon: at the end of each Origin,Methods etc

nigelibrown · February 11, 2013, 11:14am

Yes wildcard works in exactly the same way as domain. Yes I have missed the colons, think the IMP commands are inserting these as it fails completly if i put them in?

Sure this is something realy simple. Its just not jumping out at me.

peter · February 11, 2013, 11:31am

I don’t know whether it’s related to your actual problem, but this isn’t going to do what you expect:res.header( "Access-Control-Allow-Headers", "Content-Type" ); res.header( "Access-Control-Allow-Headers", "Content-length");

The agent HTTP implementation doesn’t deal with repeated headers. You need to combine those into a single header:res.header( "Access-Control-Allow-Headers", "Content-Type, Content-length");

Peter