AirenSoft / OvenMediaEngine

OvenMediaEngine (OME) is a Sub-Second Latency Live Streaming Server with Large-Scale and High-Definition. #WebRTC #LLHLS
https://airensoft.com/ome.html
GNU Affero General Public License v3.0

CORS error when trying to use the API #524

Closed omarruben closed 2 years ago

omarruben commented 3 years ago

Hi, I have the server under 192.168.1.190, did all the configuration and it is working perfectly. I am trying to use the PUSH features, but I need the API working... I did.

When I call using AXIOS from another computer on the same network:

    // POST to the OME REST API directly from the browser (cross-origin request)
    axios.post("http://192.168.1.190:8081/v1/vhosts/default/apps/app:pushes", {
        title: "test",
        description: "description",
    }, {
        headers: {
            'Content-Type': 'application/json',
            authorization: "Basic " + btoa("urbano14")
        }
    }).then(function (response) {
        console.log(response);
    }).catch(function (error) {
        console.log(error);
    })

I got a CORS error, "'Access-Control-Allow-Origin' missing". Where or how do I configure this in the server.xml? Thank you for your help...

Keukhan commented 3 years ago

@omarruben

Have you tested on the latest version of Chrome? We are aware that the CORS issue you reported has been occurring since the recent Chrome security update. As a workaround right now, use the https protocol or use a different browser.

Thanks.

omarruben commented 3 years ago

I did, other browsers, updated versions.. still same error

dimiden commented 3 years ago

@omarruben Since the OME API does not have CORS settings, it can be a problem if the browser calls the OME's API directly. I will review whether to add CORS settings to the API server.

To add one explanation, the recent Chrome update has caused CORS errors for non-HTTPS URLs in certain situations. It's a problem that occurs even though the CORS header is set, and the same problem is occurring not only in OME but also in Apache-based HTTP servers, so we are looking for a workaround.

basisbit commented 3 years ago

As mentioned in previous issues about the API not supporting CORS: imho this is a feature, not a bug. Webclients should never query that API. Instead, you should put some proxy or relay in between which handles authentication/authorization using some temporary json web token or similar. Otherwise it is a) very easy to overload your server using DoS, b) very easy to get the API token which the webclient uses to query the API.

However, the documentation so far does not mention this, which probably leads to many users of OME using it in an insecure way...

omarruben commented 3 years ago

Thank you. How can I push video from OvenMediaEngine to ... YouTube using RTMP without using the API? Some configuration file??

basisbit commented 3 years ago

You can use the API, but at least put an Nginx reverse proxy or similar in front of that admin web interface, which handles user authentication. You can then have Nginx set the necessary header using something like add_header Access-Control-Allow-Origin *;
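
Added example, not part of the thread or of OvenMediaEngine's code: the per-request decision logic of the kind of relay basisbit describes, where the browser only ever holds a short-lived signed token and the OME API credential is attached on the server side. The origin allow-list, secrets, token format and function names are assumptions made for illustration.

```javascript
// Added example: decision logic for a relay placed between browsers and the OME API.
// Assumptions (not from the thread): allow-list, secrets and token format are hypothetical.
const crypto = require("node:crypto");

const ALLOWED_ORIGINS = new Set(["https://studio.example.test"]); // constructed value
const RELAY_SECRET = "relay-signing-secret"; // signs short-lived browser tokens (constructed)
const OME_API_TOKEN = "server-side-only";    // real API credential, never sent to a browser
const ALLOWED_PATH = /^\/v1\/vhosts\/[\w-]+\/apps\/[\w-]+:pushes$/;

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", RELAY_SECRET).update(data).digest("base64url");

// Token = base64url(JSON claims) + "." + HMAC, issued by the site's own login backend.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const body = b64url(JSON.stringify({ sub: user, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${body}.${hmac(body)}`;
}

function verifyToken(token, now = Date.now()) {
  const [body, sig] = String(token || "").split(".");
  if (!body || !sig) return null;
  const expected = Buffer.from(hmac(body));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > now / 1000 ? claims : null; // reject expired tokens
}

// Decides what the relay does with one request: reject, answer the preflight, or forward.
function decide({ method, path, origin, authorization }, now = Date.now()) {
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} }; // no CORS headers
  const cors = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (method === "OPTIONS") { // preflight carries no credentials, so answer it directly
    return { status: 204, headers: { ...cors,
      "Access-Control-Allow-Methods": "POST",
      "Access-Control-Allow-Headers": "Authorization, Content-Type" } };
  }
  if (method !== "POST" || !ALLOWED_PATH.test(path)) return { status: 404, headers: cors };
  const claims = verifyToken((authorization || "").replace(/^Bearer /, ""), now);
  if (!claims) return { status: 401, headers: cors };
  // Forward upstream; the API credential is added here, on the server side only.
  return { headers: cors, user: claims.sub, forward: { path,
    headers: { Authorization: "Basic " + Buffer.from(OME_API_TOKEN).toString("base64") } } };
}
```

An HTTP server (or an Nginx `auth_request` backend) would call `decide()` for each incoming request and proxy to the API only when the result contains `forward`.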

dimiden commented 2 years ago

@omarruben I just implemented this feature and hope it works well! f82a315a8f4c6c5757b1d6142e16934e243634ad

dimiden commented 2 years ago

I reopened this task to close when it was confirmed that the problem was solved.

getroot commented 2 years ago

I'm closing this issue because it has been inactive for a long time since it was resolved. Please reopen this issue for further discussion.

BenhinMwendwa commented 6 months ago

How do you solve the error of being blocked by CORS policy? This is the error (Access to fetch at 'https://saavn.dev/api/songs' from origin 'http://127.0.0.1:5500/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. index.js:32