I upgrade discourse yesterday and I get all the API callbacks with error I have found that the problem is the autentications headers (1) but I trying with some calls and I get this error: Access to XMLHttpRequest at 'https://mydomain.com/notifications.json?username=admin' from origin 'https://mydom…

You may need to have CORS setup in your site settings?

Yes, I have added the domain where I call the API in discourse settings, but that error about field api-username, I dont know when I have to resolve.

[immagine] pablogg: I using Vue "Api-Key":"xxxxxxxxxxxxxxxxx", "Api-Username": "system", You are putting your system API key in client side code? :scream: This means that anyone can grab it from your Javascript code and use it to completely own your forum. Any Ajax HTTP requests to Discou…

Not just a testing , I am using the username Vue.http .get( "https://discourse.mydomain.com/notifications.json?username="+input.username, { headers: { "Api-Key":"xxxxxxxxxxxxxxxxxxxxxx", "Api-Username": input.username } } ) But I g…

Let me repeat what I said: [immagine] RGJ: Any Ajax HTTP requests to Discourse should be leveraging an existing session That means: no authentication headers. At all.

You really should not be using these API credentials for CORS requests which is why that header field is not allowed. [immagine] CORS error accessing API from javascript application dev Oh, so you are trying to make this request from a client-side javascript application? …

I have read the User API keys specification … In my case I have SSO with a frontend app in javascript, Could I consuming the API without using the authorization UI for every user? I would like a way that a could use de api-username … is that possible? Regards

could you solve this? Thank you!

In the end, I went back to the previous version of Discourse so I didn’t have to change all the API integration

Errore CORS Access-Control-Allow-Headers con API dopo l'aggiornamento di Discourse

Supporto

blake (Blake Erickson) 12 Aprile 2020, 6:24pm 7

You really should not be using these API credentials for CORS requests which is why that header field is not allowed.

However we do allow the user-api headers in CORS:

3 Mi Piace

Argomento		Risposte	Visualizzazioni
CORS error accessing API from javascript application Development	11	3836	Aprile 9, 2023
API CORS Headers Incorrect Support	11	3024	Giugno 8, 2023
Having issue accessing the Discourse APIs from react app Development rest-api	6	894	Aprile 10, 2023
Getting an error while trying to fetch individual posts General	1	904	Aprile 14, 2022
Issue with Api Development	1	906	Agosto 16, 2022

Errore CORS Access-Control-Allow-Headers con API dopo l'aggiornamento di Discourse

Argomenti correlati