How to access req and res objects in hooks?

NodeBB Plugins

Suggested Topics

  • 0 Votes
    5 Posts

    @aisar-g I know what you're referring to, though. The ideal scenario would be saving stuff to res.locals and then referring to that data in getReplies.

    Unfortunately, neither of those hooks pass req or res, and while we were looking into something like that before (see: continuation-local-storage), it did not ultimately pan out.

  • 0 Votes
    1 Posts

    Hey Guys!

    I'm trying to experiment with the NodeBB API. And I want to receive the data via jQuery.

    var rest_url = ""; var json_object = []; function get_posts_from(rest_url, callback){ fetch(rest_url) .then(res => res.json()) .then((out) => { //DEBUG START console.log(out); //Debug END json_object = out; callback(); }).catch(err => console.error(err)); }

    I receive this error:

    No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

    Is this just a config problem of the nginx server or do I have to adjust some settings in NodeBB to?

    Another question is: Do I need the csrf_token from for the read-api too or is it just for the write API?

    I also added * to Access-Control-Allow-Origin in ACP -> Settings -> Advanced. It didn't work.



    I added Access-Control-Allow-Origin to the site configuration via ngnix.

    Open your configuration of the page e.g. in /etc/nginx/sites-available.

    There should already be a location / block.

    Paste this into the existing block:

    if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; }

    THIS ALLOWS THE ORIGIN FROM * (everywhere) ITS NOT RECOMMENDED FOR PRODUCTION INSTANCES. I just use this to test my code locally on my machine.

  • 0 Votes
    4 Posts

    @julian Thanks this did the trick!

    I used it like this in my client side code:

    <input id="csrfToken" type="hidden" name="_csrf" value="" /> ... $(window).on('action:ajaxify.end', function(data) { require(['csrf'], function(csrf) { var csrfToken = csrf.get(); console.log('obtained csrfToken: ' + csrfToken); $('#csrfToken').val(csrfToken); }); });

    @yariplus I'm not really sure about your specific question. I have a feeling that the csrf tokens are generated based on a csrfSecret that is stored in the user's session. You could check that the session has this loaded on the server side with this:

    var util = require('util'); console.log('user session' + util.inspect(req));

    For me, this results in:

    user session: { cookie:
    { path: '/',
    _expires: Sun Nov 22 2015 09:52:23 GMT-0800 (PST),
    originalMaxAge: 1209599988,
    httpOnly: true },
    csrfSecret: '70lFS_InV_56D1gvV9TDKgJX',
    flash: {},
    passport: { user: 1 } }

  • 0 Votes
    6 Posts

    @akumbhare It will be available in v0.7.0.