Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myapop-test.apigee.net/csa-api/postNewItem. (Reason: CORS header 'Access-Control-Allow-Origin' missing) Using Javascript, I’m getting this error when I send a call to my api using the following: ajax.setRequestHeader("Content-Type", "application/json;charset=UTF-8") ajax.setRequestHeader('Access-Control-Allow-Headers', '*'); The best conclusion I have found is that I have to setup some kind of policy in Apigee to allow my server to make calls to the API. My API is written in Node.js. Is there any videos or step-by-step links that will help me figure out the problem? I’m really stuck and this is my first attempt at building an API, so I feel lost trying to track down the issue.
you can easily add CORS headers either in your nodejs [https://github.com/expressjs/cors]
or in apigee using policies, refer to this thread here, [see answer from Maruti and a sample proxy]
https://community.apigee.com/questions/3138/cors-policy-in-my-api-proxy-when-using-oauth-20.html
My first attempt is to follow your 1st suggestion, but I doubt this is what you are really suggesting:
var argo = require('argo'); var express = require('express'); var usergrid = require('usergrid'); var cors = require('cors'); var app = express(); app.use(express.logger('dev')); app.use(express.bodyParser()); app.use(app.router); app.use(cors());
*** Error: Cannot find module 'cors' at module.js:340 at module.js:280 at module.js:364 at require (module.js:380) at /organization/environment/api/server-usergrid.js:5 at module.js:456 at module.js:474 at module.js:356 at module.js:312 at module.js:497 at startup (trireme.js:142) at trireme.js:923
Is CORS part of the Apigee public API server ?
yes, that was my suggestion -> cors node module is not part of apigee, so you will have to bundle it during your deployment in node_modules folder, how are you deploying your code to apigee?
for instance,
you could download your proxy, unzip it, you will find resources/node folder.. in there do 'npm install cors --save', this would have created a node_modules folder -> zip the node_modules folder, now zip the apiproxy.zip [2 levels up ]folder and import it to apigee [Import using new revision]
or follow the other thread, you could use AssignMessage policy to set the response headers before going out of apigee
Thanks,
I'm using Apigee Dashboard to work on the API. Under the script tab there is a node.js folder, in there I have 3 files:
1- package.json
2- server-usergrid.js
3- mainController.js
How and where do I create a "node_modules folder"? How do you get the npm for CORS to run?
Ok, in this case, the easiest option for you to use the 'apigeetool', pls refer to the usage here - you can start with your nodejs script
http://apigee.com/docs/api-services/content/deploying-standalone-nodejs-app
--
Once you become familiar with apigee proxy structure, pls review this section
http://apigee.com/docs/api-services/content/adding-nodejs-existing-api-proxy
Basically, you can download the proxy and add more resources and upload it back [uploading node_modules is not supported in the UI]
Thanks,
Mukundha
I have downloaded the apiproxy.zip. What files do I add and where do I add it to, before zipping it backup?
> unzip it,
> you will find apiproxy/resources/node folder
> in there do 'npm install cors --save', this would have created a node_modules folder
> now zip the apiproxy folder [2 levels up ]
> import it to apigee [Import using Project -> Import New revision]
I followed your instructions and I'm still getting the exact same error:
18:17:31.057 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myApp-test.apigee.net/csa-api/postNewItem. (Reason: CORS header 'Access-Control-Allow-Origin' missing).1 <unknown>
I un-deloyed version 1 and deployed version 2.
My scripts folder is now filled up with all the new CORS files so I know they have been placed in the correct position, correct?
Any other suggestions? I was hoping this would be simple.
yes, its pretty simple.. not sure whats going on - -can you attach your proxy?
I have attached the apipolicy.zip. FYI, the ClientID and Secret are fake numbers,the URL is also not real.
Here is the Javascript code I'm testing:
function createPartner() { var createPartnerObj = { 'usertype':$('#select-choice-1').val(), 'username':$('#create_partner_username').val(), 'name':$('#create_partner_name').val(), 'password':$('#create_partner_password').val(), 'company_name':$('#create_partner_company_name').val(), 'phone':$('#create_partner_phone').val(), 'email':$('#create_partner_email').val(), 'business_address':$('#create_partner_business_address').val(), 'contactperson':$('#create_partner_contact_person').val() } postNewPartner(createPartnerObj); }
//=========================================== function postNewPartner(createUserObj) { var ajax = new XMLHttpRequest(); var tempJSON = JSON.stringify(createUserObj); tempJSON2 = tempJSON.replace(/"/g, '\''); ajax.open("POST", "http://myApp.apigee.net/csa-api/postNewUser", true); ajax.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); ajax.setRequestHeader('Access-Control-Allow-Headers', '*'); //ajax.setRequestHeader('Content-type','application/x-www-form-urlencoded'); ajax.send(tempJSON2); ajax.onreadystatechange=function(){ if(ajax.readyState==4 && (ajax.status==200)){ console.log("partner.js:: postNewPartner success ajax.responseText = "+ajax.responseText); var obj = $.parseJSON(ajax.responseText); var myArr = JSON.parse(ajax.responseText); console.log("partner.js:: postNewPartner success obj = "+obj); } }; }
Thanks for the CORS policy. Unfortunately a new error has popped up. It's looking for a token. I thought by supplying the ClientID and Secret info inside the Node Aoigee client that was enough. Do I need a token?
Error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://childsafetyapp-test.apigee.net/csa-api/postNewUser. (Reason: missing token 'access-control-allow-headers' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel). <unknown> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://childsafetyapp-test.apigee.net/csa-api/postNewUser. (Reason: CORS request failed).
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |