Closed dakom closed 6 years ago
We're looking into adding CORS support now. We may just be able to do this at the Apache level (researching security implications).
In the meantime, we support cross domain API requests with JSONP. In your example you should just be able to change to the data type to "JSONP" and add "?callback=?" to the requested URL. https://learn.jquery.com/ajax/working-with-jsonp/
Here's another example using some slightly different jQuery syntax: https://github.com/blockspeiser/Sefaria-Project/blob/master/templates/static/random-walk-through-torah.html#L53
Cool, will try the workarounds in the meantime- thanks! :)
CORS is now open on https://www.sefaria.org.
Problem
Currently, the api cannot be used within javascript from third-party sites. Consider the following example run from a staging server on http://localhost:8080 (not sefaria.org):
The result is a "fail" alert and this error in the console:
For something like a GET/JSON API - I think setting the Access-Control-Allow-Origin header to "*" should be available and made to be secure.
I'm not familiar with the codebase here, or really python, but just looking at where content-type is set it seems that
Access-Control-Allow-Origin: *
can be added to wherever the Content-Type is set to "application/json", like maybe:https://github.com/blockspeiser/Sefaria-Project/blob/master/sefaria/client/util.py#L52 and https://github.com/blockspeiser/Sefaria-Project/blob/master/reader/views.py#L766
?