I upgrade discourse yesterday and I get all the API callbacks with error I have found that the problem is the autentications headers (1) but I trying with some calls and I get this error: Access to XMLHttpRequest at 'https://mydomain.com/notifications.json?username=admin' from origin 'https://mydom…

You may need to have CORS setup in your site settings?

Yes, I have added the domain where I call the API in discourse settings, but that error about field api-username, I dont know when I have to resolve.

[imagem] pablogg: I using Vue "Api-Key":"xxxxxxxxxxxxxxxxx", "Api-Username": "system", You are putting your system API key in client side code? :scream: This means that anyone can grab it from your Javascript code and use it to completely own your forum. Any Ajax HTTP requests to Discours…

Not just a testing , I am using the username Vue.http .get( "https://discourse.mydomain.com/notifications.json?username="+input.username, { headers: { "Api-Key":"xxxxxxxxxxxxxxxxxxxxxx", "Api-Username": input.username } } ) But I g…

Let me repeat what I said: [imagem] RGJ: Any Ajax HTTP requests to Discourse should be leveraging an existing session That means: no authentication headers. At all.

You really should not be using these API credentials for CORS requests which is why that header field is not allowed. [imagem] CORS error accessing API from javascript application dev Oh, so you are trying to make this request from a client-side javascript application? Th…

I have read the User API keys specification … In my case I have SSO with a frontend app in javascript, Could I consuming the API without using the authorization UI for every user? I would like a way that a could use de api-username … is that possible? Regards

could you solve this? Thank you!

In the end, I went back to the previous version of Discourse so I didn’t have to change all the API integration

Erro CORS Access-Control-Allow-Headers com API após atualizar o Discourse

Suporte

blake (Blake Erickson) Abril 12, 2020, 6:24pm 7

You really should not be using these API credentials for CORS requests which is why that header field is not allowed.

However we do allow the user-api headers in CORS:

3 curtidas

Tópico		Respostas	Visualizações
CORS error accessing API from javascript application Development	11	3836	9 de Abril de 2023
API CORS Headers Incorrect Support	11	3024	8 de Junho de 2023
Having issue accessing the Discourse APIs from react app Development rest-api	6	894	10 de Abril de 2023
Getting an error while trying to fetch individual posts General	1	904	14 de Abril de 2022
Issue with Api Development	1	906	16 de Agosto de 2022

Erro CORS Access-Control-Allow-Headers com API após atualizar o Discourse

Tópicos relacionados