Read-API access via Javascript / jQuery
-
Hey Guys!
I'm trying to experiment with the NodeBB API. And I want to receive the data via jQuery.
var rest_url = "https://my.nodebb.net/api/topic/10/my-title-here"; var json_object = []; function get_posts_from(rest_url, callback){ fetch(rest_url) .then(res => res.json()) .then((out) => { //DEBUG START console.log(out); //Debug END json_object = out; callback(); }).catch(err => console.error(err)); }I receive this error:
No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.Is this just a config problem of the nginx server or do I have to adjust some settings in NodeBB to?
Another question is: Do I need the
csrf_tokenfromhttps://my.nodebb.net/api/configfor the read-api too or is it just for the write API?I also added
*toAccess-Control-Allow-Originin ACP -> Settings -> Advanced. It didn't work.Greets
Solution
I added
Access-Control-Allow-Originto the site configuration via ngnix.Open your configuration of the page e.g.
my.nodebb.net.confin/etc/nginx/sites-available.There should already be a
location /block.Paste this into the existing block:
if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; }THIS ALLOWS THE ORIGIN FROM * (everywhere) ITS NOT RECOMMENDED FOR PRODUCTION INSTANCES. I just use this to test my code locally on my machine.
