How do I do cross-domain request


#1

Hi

I’m using jquery,
$.post(http://m2.exosite.com/onep:v1/rpc/process’, data, function() {
blahblahblah
});

default content-type isn’t application/json

so I change to use $.ajax() and set content type to application/json

then the request method is changed from POST(which I set) to OPTIONS.

Exosite doen’t support OPTIONS method and doesn’t support CORS(Cross-Origin Resource Sharing)

:frowning:


#2

Hi @ileadu,

It appears that you are trying to make a request to the One Platform via your browser. The platform is not configured to receive requests in this manner and doing this will not work properly. We do however allow browser communication via our Portals API. Much of the same functionality of the RPC is exposed via this API.

I don’t have a jQuery or Ajax example for you to leverage, but I do have some JavaScript that I used to create a custom widget that sends and XHR to register a new user on the Exosite system. Feel free to use/modify or delete it.

function(container, portal)
{

  function clearWidget(){
    while (container.hasChildNodes()) {
      container.removeChild(container.lastChild);
    }
  }
  // clear and then redraw the container
  function display(){
    clearWidget()
    container.appendChild(getSettingsBox())
    //container.appendChild(message)
  }
  // adding all the HTML elements here.
  function getSettingsBox(){
    var form = document.createElement('form')
    var title = document.createElement('h3')
    var titleText = document.createTextNode('Create User Form')

    var email = document.createElement('input')
    var emaildesc = document.createElement('p')
    var emailText = document.createTextNode('Email: ')

    var password = document.createElement('input')
    var passworddesc = document.createElement('p')
    var passwordText = document.createTextNode('Password: ')

    var Firstname = document.createElement('input')
    var firstdesc = document.createElement('p')
    var firstText = document.createTextNode('Firstname: ')

    var Lastname = document.createElement('input')
    var lastdesc = document.createElement('p')
    var lastText = document.createTextNode('Lastname: ')
    var lineBreak = document.createElement('br')

    var subButton = document.createElement('button')
    var subText = document.createTextNode("Submit")

    subButton.appendChild(subText)
    title.appendChild(titleText)
    emaildesc.appendChild(emailText)
    passworddesc.appendChild(passwordText)
    firstdesc.appendChild(firstText)
    lastdesc.appendChild(lastText)
    form.style.padding = '1em';
    emaildesc.style.margin = '0em';
    passworddesc.style.margin = '0em';
    firstdesc.style.margin = '0em';
    lastdesc.style.margin = '0em';
    form.appendChild(title)

    form.appendChild(emaildesc)
    form.appendChild(email)

    form.appendChild(passworddesc)
    form.appendChild(password)

    form.appendChild(firstdesc)
    form.appendChild(Firstname)

    form.appendChild(lastdesc)
    form.appendChild(Lastname)
    form.appendChild(lineBreak)
    form.appendChild(subButton)

    subButton.onclick=function(){createUser(email.value, password.value, Firstname.value, Lastname.value)};

    return form
  }
    //function createUser()
    function createUser(email, password, Firstname, Lastname)
    {

      var xmlHttp = null;

      // Creating the JSON blob to send to the API endpoint
      //var blob = '{"email": "newuser2@gmail.com", "password":"!Abc123", "Firstname": "Dave", "Lastname": "Smith"}';
      var blob = '{"email": "'+ email +'", "password":"'+ password +'", "Firstname": "'+ Firstname +'", "Lastname": "'+ Lastname +'"}';

      // Setup the Portals API call.
      xmlHttp = new XMLHttpRequest();
      xmlHttp.open( "POST", '/api/portals/v1/users', true);
      xmlHttp.setRequestHeader( 'Content-Type', 'application/json' );


      xmlHttp.onreadystatechange = function() {//Call a function when the state changes.
        if(xmlHttp.readyState == 4 ) { 
          console.log(xmlHttp.responseText);
          //alert(xmlHttp.responseText);
        }
      }

     xmlHttp.send(blob);

  }
    /*****
    * main code path starts here.
    *****/

    console.log('Widget has loaded... Fill out the form and press submit" to create a user...');
    display(); // For details about this message, p "lease visit: http://docs.exosite.com/portals/#create-user
    //createUser();

}

#3

Thanks a lot. I will study and try it.


#4

I’ve had great success writing a little HTTP gateway that accepts requests from browser applications, fixes up their headers, and calls the Exosite RPC API on the applications’ behalf. NODE.JS with the Request library works really well for this.


Ionic $http.get issues
#5

That’s how we’ve done this in the past as well for internal projects, but I just wanted to chime in with why we haven’t added support for cross origin requests directly to the onep.

Right now the only way to authenticate with the platform is to use a CIK. Having the CIK gives you full access to read, write, modify, and delete any resources that are under the associated client. This means that if you’re putting a CIK in the browser, anyone that has access to that page then has access to your CIK. In general we don’t want to support this method for using our platform as we see it as a significant security vulnerability.

We’re in the process of adding a new way to authenticate with the platform that will let you use other arbitrary credentials from external applications to authenticate with permissions set for what calls you’re allowed to make for a given CIK. This is still in the design and proof of concept stage so I don’t have a release date yet, but it is coming.

Also, if you are planning on doing this anyway despite the security problems, there’s now an easier way to do this than setting up a proxy server. We recently released a websocket API and webockets don’t seem to have the same CORS requirements. http://docs.exosite.com/websocket/ It works just like the JSON RPC API over HTTP, but with the addition of a ‘subscribe’ call that will let you listen for updates to individual dataports.