tryphotino/photino.Samples

fetch cross origin rest api

Opened this issue · 5 comments

CORS is not working because the origin of fetch.get is null.
Any idea?

Could you provide us with a few more details on the issue? Which sample on which OS are you using? What are you trying to fetch?
Maybe you could post a code snippet illustrating the place where you encounter this problem.

Hi,
I'm basing this on Photino.Vue-Sample; within a JS file (referenced in the HTML file) I'm doing a fetch to a REST API.
const response = await fetch(url, {
  method: "get",
  mode: "cors",
  headers: {
    "authorization": bearer,
    "Content-Type": "application/json",
    "Accept": "application/json",
  }
});

In the developer tools I can see that the Origin header is null and the preflight (OPTIONS) call is not working because of CORS.

It seems that it's not working because the HTML is loaded using Load("wwwroot/index.html")?

Try loading it through a custom scheme handler, rather than a local path.
All browser engines usually lock down local path access for security purposes, but that could be a way around to manage what you're trying to achieve.

Photino.Angular.
I just upgraded to Angular 13:

[Error] Origin null is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. (runtime.01fec06f14767966.js, line 0)
[Error] Origin null is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. (polyfills.294bda16958ada30.js, line 0)
[Error] Origin null is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. (main.b4219935a53dd3ef.js, line 0)


Resolved:

<script src=... type="module"></script>

===>

<script src=... defer></script>

One way to get around this issue is to start a localhost with ASP.NET (you can combine the ASP.NET template dotnet new webapp with Photino) and load your Angular app over the localhost connection.

Please refer to this SO thread on the topic: https://stackoverflow.com/questions/8456538/origin-null-is-not-allowed-by-access-control-allow-origin

This is a common issue when trying to load resources from the local filesystem, and modern browsers try to prevent malicious code from being executed from it.
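
An added example (not posted by anyone in this thread and not Photino code) that models the preflight decision discussed above for the fetch from the issue: once loaded from a file path and once over localhost. The `policy` object, the page paths and port 5000 are assumptions, and the sketch also shows why the API side should keep an exact-match allowlist rather than accept the `null` origin.

```javascript
// Added example with constructed values; not code from the Photino samples.
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

// Origin the engine serializes for the page running fetch().
// file: URLs get an opaque origin, which is sent as the literal string "null".
const pageOrigin = (pageUrl) => new URL(pageUrl).origin;

// Request headers that are not CORS-safelisted and therefore force a preflight
// (simplified: value-length and byte checks from the Fetch spec are omitted).
function nonSafelistedHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (["accept", "accept-language", "content-language"].includes(n)) return false;
      if (n !== "content-type") return true;
      return !SAFE_TYPES.includes(value.split(";")[0].trim().toLowerCase());
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Hypothetical API policy: exact-match origin allowlist. "null" is deliberately
// absent, because sandboxed iframes and data: URLs also present that origin.
const policy = {
  allowedOrigins: ["http://localhost:5000"], // assumed local dev server
  allowedHeaders: ["authorization", "content-type"],
};

// Server side: emit CORS headers only for an allowlisted Origin.
function preflightResponse(policy, origin) {
  if (!policy.allowedOrigins.includes(origin)) return {};
  return {
    "access-control-allow-origin": origin,
    "access-control-allow-headers": policy.allowedHeaders.join(", "),
    vary: "Origin",
  };
}

// Browser side: the OPTIONS response must echo the origin and cover every
// non-safelisted header, otherwise the real request is never sent.
function simulate(pageUrl, headers, policy) {
  const origin = pageOrigin(pageUrl);
  const needed = nonSafelistedHeaders(headers);
  const res = preflightResponse(policy, origin);
  const granted = (res["access-control-allow-headers"] || "").split(", ");
  const allowed = res["access-control-allow-origin"] === origin &&
    needed.every((h) => granted.includes(h));
  return { origin, preflight: needed.length > 0, allowed };
}
```

Calling `simulate` with a `file:///` page URL gives origin `"null"` and a blocked preflight, while the same headers from `http://localhost:5000/index.html` pass.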