XF 2.1 Enable CORS for the built-in API

S

SurferJon

Active member
Good day, I'm trying to develop an app that is going to fetch data from my forum using the built-in API, I'm developing this app in my local environment using Angular but when trying to request data from the API I get the "No 'Access-Control-Allow-Origin' header is present on the requested resource" error.

I wonder if there is an option or what can I do to enable CORS for this API? I need this because I'm going to use the app on some different websites.

Thanks in advance.
 
This isn't something that the API exposes at this time. It doesn't have any handling for the OPTIONS method, for example. It's something you would need to implement, perhaps at the web server level or via a middleware/proxy for the API.

Note that the API currently isn't really designed with this particular use case in mind, unless you've added additional things on top of it. This would expose API keys to the client directly and these aren't time limited, so they could be easily taken and used in a different scenario by an attacker. (I assume you're not using a super user key with this, as that would allow accessing data as any user.)
 
You must log in or register to reply here.

Similar threads

X
XF 2.2 view_url in API
Replies
0
Views
23
x6011718
X
M
  • Question Question
XF 2.2 Restricting ads with the built in ad system
Replies
2
Views
362
MadFlava
M
Joe Link
  • Question Question
XF 2.2 Can I use the built-in tooltip system for tappable mobile tooltips?
Replies
2
Views
683
Joe Link
Joe Link
alternadiv
Add-on Improvements to the built in paid user upgrades system
Replies
0
Views
318
alternadiv
alternadiv
Frode789
  • Question Question
XF 2.0 Quick question about the built in ad manager in XF2
Replies
4
Views
1K
Frode789
Frode789
Back
Top Bottom