Read-API access via Javascript / jQuery



  • Hey Guys!

    I'm trying to experiment with the NodeBB API. And I want to receive the data via jQuery.

    
    var rest_url = "https://my.nodebb.net/api/topic/10/my-title-here";
    var json_object = [];
    
    function get_posts_from(rest_url, callback){
      fetch(rest_url)
          .then(res => res.json())
          .then((out) => {
    
            //DEBUG START
            console.log(out);
            //Debug END
    
    
            json_object = out;
            callback();
    
      }).catch(err => console.error(err));
    }
    

    I receive this error:

    No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
    

    Is this just a config problem of the nginx server or do I have to adjust some settings in NodeBB to?

    Another question is: Do I need the csrf_token from https://my.nodebb.net/api/config for the read-api too or is it just for the write API?

    I also added * to Access-Control-Allow-Origin in ACP -> Settings -> Advanced. It didn't work.

    Greets


    Solution

    I added Access-Control-Allow-Origin to the site configuration via ngnix.

    Open your configuration of the page e.g. my.nodebb.net.conf in /etc/nginx/sites-available.

    There should already be a location / block.

    Paste this into the existing block:

    if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
    
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
         }
         if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
         }
         if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
         }
    

    THIS ALLOWS THE ORIGIN FROM * (everywhere) ITS NOT RECOMMENDED FOR PRODUCTION INSTANCES. I just use this to test my code locally on my machine.


Log in to reply
 

Suggested Topics

| |