I upgrade discourse yesterday and I get all the API callbacks with error I have found that the problem is the autentications headers (1) but I trying with some calls and I get this error: Access to XMLHttpRequest at 'https://mydomain.com/notifications.json?username=admin' from origin 'https://mydom…

You may need to have CORS setup in your site settings?

Yes, I have added the domain where I call the API in discourse settings, but that error about field api-username, I dont know when I have to resolve.

[image] pablogg: I using Vue "Api-Key":"xxxxxxxxxxxxxxxxx", "Api-Username": "system", You are putting your system API key in client side code? :scream: This means that anyone can grab it from your Javascript code and use it to completely own your forum. Any Ajax HTTP requests to Discourse…

Not just a testing , I am using the username Vue.http .get( "https://discourse.mydomain.com/notifications.json?username="+input.username, { headers: { "Api-Key":"xxxxxxxxxxxxxxxxxxxxxx", "Api-Username": input.username } } ) But I g…

Let me repeat what I said: [image] RGJ: Any Ajax HTTP requests to Discourse should be leveraging an existing session That means: no authentication headers. At all.

You really should not be using these API credentials for CORS requests which is why that header field is not allowed. [image] CORS error accessing API from javascript application dev Oh, so you are trying to make this request from a client-side javascript application? Tha…

I have read the User API keys specification … In my case I have SSO with a frontend app in javascript, Could I consuming the API without using the authorization UI for every user? I would like a way that a could use de api-username … is that possible? Regards

could you solve this? Thank you!

In the end, I went back to the previous version of Discourse so I didn’t have to change all the API integration

Erreur CORS Access-Control-Allow-Headers avec l'API après la mise à jour de Discourse

Soutien

blake (Blake Erickson) Avril 12, 2020, 6:24 7

You really should not be using these API credentials for CORS requests which is why that header field is not allowed.

However we do allow the user-api headers in CORS:

3 « J'aime »

Sujet		Réponses	Vues
CORS error accessing API from javascript application Development	11	3836	Avril 9, 2023
API CORS Headers Incorrect Support	11	3024	Juin 8, 2023
Having issue accessing the Discourse APIs from react app Development rest-api	6	894	Avril 10, 2023
Getting an error while trying to fetch individual posts General	1	904	Avril 14, 2022
Issue with Api Development	1	906	Août 16, 2022

Erreur CORS Access-Control-Allow-Headers avec l'API après la mise à jour de Discourse

Sujets connexes