Cross-Origin Resource Sharing (CORS) for HTTP in

controlCloud · October 29, 2012, 2:26pm

Hi any chance this could be added to HTTP in as this would allow Ajax updates to planner. Ajax seems to work fine desktop browsers, but soon stops after a few attempts on iOS iphone/pad.

I think Safari on iOS doesn’t deal well with the error
XMLHttpRequest cannot load https://api.electricimp.com/v1/[id]/[id]?value=31.
Origin https://[my site] is not allowed by Access-Control-Allow-Origin.

My understanding all is need is the response header needs to return
Access-Control-Allow-Origin: [request site host name] or “*”

Thanks

tbyrne · January 4, 2013, 7:13pm

Hi controlCloud,

That’s actually a JavaScript “feature” for security. Check out a short explanation here: http://stackoverflow.com/questions/2558977/ajax-cross-domain-call. I’ve found that often the request will be sent anyway; it depends on your security settings.

If you need a way around, you can have your javascript make a request back at the server that served you the javascript, then use a server-side language like PHP to handle the cross-domain request. Here’s a simple (hacky) php script that will pass the value along (POST the value to the php script):

1 <?php
2 $impURL = “https://api.electricimp.com/v1/foo/bar”;
3 $value = $_POST[‘value’];
4
5 $response = file_get_contents($impURL."?value=".$value);
6 ?>

controlCloud · January 5, 2013, 4:21am

Thanks I completely misunderstood cross-origin thinking I had to put the html page! That said chrome seems to allow cross-origin when using Ajax call’s to HTTPin on e.imp. Can’t wait for Agents.

ejeklint · February 8, 2013, 12:56pm

Will agents provide a way around this? It’s a royal PITA to have no RESTful API and only have forms posting to send in data…

ElectricEerk · June 6, 2014, 10:49am

Same problem here, I can’t call my agent URL invisibly with an ajax call from jQuery. What would be the best way to call agent URLs from a web page?

mjkuwp94 · June 6, 2014, 11:51am

you can use ajax. I have a few projects doing just that and I am sure many others have done it.

I have this line in my script code, I just copy/pasted from some other code that had it.

jQuery.support.cors = true;

maybe check out this post

rocky framework

back_ache · June 9, 2014, 9:16am

Browsers I’m sure will only get more sensitive to this because of fears of cross-site scripting.

I think @tbyrne 's idea of making your webserver “reverse proxy” the imp’s is a good way forward

beardedinventor · June 9, 2014, 11:43am

You can also use the “Access-Control-Allow-Origin” header (see this post).

While our examples typically use “Access-Control-Allow-Origin: *” - this can be somewhat dangerous. You can also specificy a specific domain to allow the requests to come from - so if your webpage’s URL that is communicating with teh agent is foo.com, you can set a header in the response to say “Access-Control-Allow-Origin: foo.com”