Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.

chrome - developer tools - console

BarryStevensBarryStevens
in SRP HTTP Framework
Seeing the following and just wondering if anyone can shed light on whether you see any pending issues or know of any setting that needs to be set.
Running as a frameworks _API

Comments

  • BarryStevensBarryStevens
    particularly interested in the CORS error section. "access-control-allow-origin" ? where can that be set?
  • JaredBratuJaredBratu
    CORS is a security protection in place by modern browsers that prevent one JavaScript app running in the browser from accessing resources on a different server unless that server specifically allows access. In your case, the app-directory.s3.amazonaws.com server isn't configured to allow access to apps running on HTTP://remote.fespl.com.au (the page you are viewing). Because the AWS server doesn't allow cross origin access to the resource (access from your local server app to their server resource) the browser blocks access to it. If you could control the app-directory.s3.amazonaws.com server you could add the 'access-control-allow-origin' to allow your local app to read the resource but since you probably can't you won't be able to access the resource from JavaScript running inside your page.
  • BarryStevensBarryStevens
    Thank you so much.
  • BarryStevensBarryStevens
    Is this a common issue you have seen. It does not appear to be causing any application issue that I can see.
    Maybe form formatting or something. Is it a 'resource' that should be 'installed' on the local server do you think.
  • DonBakkeDonBakke
    @BarryStevens perhaps this won't help, but do you see these lines in the AuthenticateRequest service (from the HTTP_Authentication_Services module):
    // All response headers that need to be set, regardless of authentication, should be handled here. // 1. Access-Control-Allow-Origin must always be returned for CORS purposes. HTTP_Services('SetResponseHeaderField', 'Access-Control-Allow-Origin', '*')
  • BarryStevensBarryStevens
    @DonBakke Yes, thanks. Maybe this is why not seeing an actual issue when it gets to the app.
  • JaredBratuJaredBratu
    @BarryStevens In response to:

    >Is it a 'resource' that should be 'installed' on the local server do you think.

    No, it's a setting on the remote server for the resource you are trying to access. Specifically, the URL https://app-directory.s3.amazonaws.com/hootlet/launched-app-directory-apps.json doesn't have an access-control-allow-origin header that lets JavaScript running in your browser on your server from being accessed.
Sign In or Register to comment.