Recent Topics

How to add CORS to the b2evo API feature (v6.11.2)

Started by on Jul 25, 2019 – Contents updated: Aug 02, 2019

Jul 25, 2019 00:41    

I'm doing an exercise to see what's possible with the API, using Angular, on a locally installed copy of b2evo. I've tested out the API endpoints with Insomnia, and all those I've tried are responding as expected.

Having got an Angular instance installed and provided it with a connection string, I'm seeing the (expected) error message in Chrome

Access to XMLHttpRequest at 'http://192.168.*.**/b2evo/api/v1/collections/a/posts/' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can't see anything in the back office that might relate to how to set a CORS policy for the API, nor can I see anything in the documentation, or here. Does anything like this exist in a readily accessible form, or is it something that requires a more heavyweight intervention?

Jul 26, 2019 22:49

CORS is a messy subject.

Please try with the 7.0Dev branch from github. We have made some changes that did solve the CORS issue for us.

Jul 26, 2019 23:21

Thanks Francois, I'll take a look.

Jul 28, 2019 00:26

I had no immediate success with that - it errors in the same way.

Jul 28, 2019 14:59

Sorry, that was a bit brief last night, it was late.

So I've installed the latest b2evo branch at 7.0dev, whilst making no other changes from what is a default install with the sample data in it. I still have access to the API via Insomnia, and when accessed in the browser (Chrome latest, and others), I'm seeing the same error message as above in the console.

The b2evo instance is running on my QNAP device, and having checked minimum PHP requirements for b2evo 7.0dev, and look to be meeting what's required at PHP Version 5.6.36. I'm assuming it would have baulked at the install stage if that would have been insufficient.

What I'd like to understand is something more about the changes that you made to make CORS work for yourselves, and the default response that this puts in place. Could you:

  1. Describe those changes for me, along with the default response expectation
  2. Tell me which files they are implemented in, so I can have a quick look and see if I can understand it.
  3. Let me know what I'd need to change to on my instance to make it 'Allow Any Origin'. 'Allow Any Method' and 'Allow Any Header'.

Thanks

Aug 02, 2019 01:05

@chris_of_arabia sorry, I'm overwhelmed with Pro Client support. I don't have time to dig into this (very complex) issue right now.


Form is loading...

Advanced CMS – This forum is powered by b2evolution CMS, a complete engine for your website.