XF 2.1 Enable CORS for the built-in API

S

SurferJon

Active member
Good day, I'm trying to develop an app that is going to fetch data from my forum using the built-in API, I'm developing this app in my local environment using Angular but when trying to request data from the API I get the "No 'Access-Control-Allow-Origin' header is present on the requested resource" error.

I wonder if there is an option or what can I do to enable CORS for this API? I need this because I'm going to use the app on some different websites.

Thanks in advance.
 
This isn't something that the API exposes at this time. It doesn't have any handling for the OPTIONS method, for example. It's something you would need to implement, perhaps at the web server level or via a middleware/proxy for the API.

Note that the API currently isn't really designed with this particular use case in mind, unless you've added additional things on top of it. This would expose API keys to the client directly and these aren't time limited, so they could be easily taken and used in a different scenario by an attacker. (I assume you're not using a super user key with this, as that would allow accessing data as any user.)
 
You must log in or register to reply here.

Similar threads

N
  • Question Question
XF 2.2 API request returning File Not Found
Replies
2
Views
162
notatardis
N
GameNet
  • Suggestion Suggestion
Manage API Access Tokens section in account settings
Replies
7
Views
836
GameNet
GameNet
L
  • Question Question
XF 2.2 Thread creation API suddenly doesn't work
Replies
4
Views
412
lpickup
L
B
XF 2.2 adding FirstPost to API results
Replies
1
Views
299
bob2bob
B
Tohru
XF 2.2 Use XF session to verify via curl
Replies
0
Views
512
Tohru
Tohru
Top Bottom