Buy Hosting

Read-API access via Javascript / jQuery

Solved NodeBB Plugins
  • dogsD

    Hey Guys!

    I'm trying to experiment with the NodeBB API. And I want to receive the data via jQuery.

    
var rest_url = "https://my.nodebb.net/api/topic/10/my-title-here";
var json_object = [];

function get_posts_from(rest_url, callback){
  fetch(rest_url)
      .then(res => res.json())
      .then((out) => {

        //DEBUG START
        console.log(out);
        //Debug END


        json_object = out;
        callback();

  }).catch(err => console.error(err));
}

    I receive this error:

    No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

    Is this just a config problem of the nginx server or do I have to adjust some settings in NodeBB to?

    Another question is: Do I need the csrf_token from https://my.nodebb.net/api/config for the read-api too or is it just for the write API?

    I also added * to Access-Control-Allow-Origin in ACP -> Settings -> Advanced. It didn't work.

    Greets

    Solution

    I added Access-Control-Allow-Origin to the site configuration via ngnix.

    Open your configuration of the page e.g. my.nodebb.net.conf in /etc/nginx/sites-available.

    There should already be a location / block.

    Paste this into the existing block:

    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';

        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }

    THIS ALLOWS THE ORIGIN FROM * (everywhere) ITS NOT RECOMMENDED FOR PRODUCTION INSTANCES. I just use this to test my code locally on my machine.

    0

Suggested Topics

Copyright © 2023 NodeBB | Contributors