tdelmas closed 9 years ago
Seems reasonable. I was opposed to this at first because it would result in whitelisting every domain like so,
Access-Control-Allow-Origin: *
However, thinking about it, all the API does is allow getting of information, so it shouldn't be an issue. I will implement it now.
Thanks a lot (140 characters was not enough to detail all implications!)
I don't suppose you have any experience in setting this up in nginx? I was playing around with it then and set the following,
add_header 'Access-Control-Allow-Origin' "$http_origin";
inside the default location / and then tried the following,
$.ajax("https://searchcode.com", {
    type: 'get',
    contentType: "application/json",
    accept: "application/json"
}).success(function(data){
    console.log("success!", data);
}).fail(function(jqxhr, statusText){
    console.log("fail!", jqxhr, statusText);
})
however no luck. Oddly a check of the headers shows that it should be working as expected,
MacBook-Pro:~ boyter$ curl -H "Origin: http://test.com" --verbose https://searchcode.com/api/related_results/95217/
> GET /api/related_results/95217/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: searchcode.com
> Accept: */*
> Origin: http://test.com
< HTTP/1.1 200 OK
Not sure what is going on here.
No problem, I should be grateful.
Yes, I have separate locations for the API calls since I need to set the content type. This was just playing around to see if I could get it working first. I set it there as well with no luck. Will try again a bit later.
$http_origin would set it to display the Allow-Origin as only whoever is making the call. Supposedly it's a bit nicer for the consuming application since it looks like it's just for them. I only changed it because * appeared not to be working.
I will play around with it a bit more.
Ok, thank you for trying! If you have any more questions, don't hesitate.
I've added an experimental option to test it on http://searchcode.tdelmas.ovh
Excellent. This will help. I will be looking to push this out soonish. Just trying to add some integration tests over it to ensure it is not rolled back at some point.
Ok this should be done. Let me know how it works out for you and I can close this one down.
Yes, perfect! Thanks a lot
For future reference,
curl -H "Origin: http://test.com" --verbose https://searchcode.com/api/related_results/95217/
Please add the following header to the JSON API response:
Access-Control-Allow-Origin: *
This header allows any origin to read the answer.
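
An added example, not part of the original thread or of searchcode's code: a simplified JavaScript model of the check a browser applies to the CORS headers discussed above, covering `*` versus a reflected `$http_origin` value and the preflight required when a GET carries `Content-Type: application/json`. The function names, the `varyMissing` flag and the sample inputs are constructed for illustration.

```javascript
// Simplified model of the browser's CORS check for a GET request (not the full Fetch algorithm).
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
// Header names are case-insensitive, so normalise them before any lookup.
const lower = (h) => Object.fromEntries(
  Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
// Request headers that force an OPTIONS preflight before the real request is sent.
function unsafeHeaders(headers) {
  return Object.entries(lower(headers)).filter(([k, v]) =>
    k === "content-type"
      ? !SAFE_CONTENT_TYPES.has(v.split(";")[0].trim().toLowerCase())
      : !SAFE_HEADERS.has(k)).map(([k]) => k);
}

// Does Access-Control-Allow-Origin let this origin read the response?
function originAllowed(origin, credentials, res) {
  const acao = res["access-control-allow-origin"];
  if (!acao) return "blocked: no Access-Control-Allow-Origin";
  if (acao === "*") return credentials ? "blocked: * with credentials" : "ok";
  if (acao !== origin) return "blocked: origin mismatch";
  if (credentials && res["access-control-allow-credentials"] !== "true")
    return "blocked: credentials not allowed";
  return "ok";
}

// req: { origin, headers, credentials }; res and preflightRes: response header objects.
function corsCheck(req, res, preflightRes = {}) {
  const unsafe = unsafeHeaders(req.headers || {});
  const preflight = unsafe.length > 0;
  if (preflight) {
    const p = lower(preflightRes);
    const verdict = originAllowed(req.origin, req.credentials, p);
    if (verdict !== "ok") return { preflight, result: "preflight " + verdict };
    const allowed = (p["access-control-allow-headers"] || "").toLowerCase()
      .split(",").map((s) => s.trim());
    const wildcard = allowed.includes("*") && !req.credentials;
    const missing = unsafe.filter((h) => !wildcard && !allowed.includes(h));
    if (missing.length) return { preflight, result: "preflight blocked: header " + missing[0] };
  }
  const r = lower(res);
  const result = originAllowed(req.origin, req.credentials, r);
  // A reflected origin without "Vary: Origin" lets a shared cache serve one origin's header to another.
  const varyMissing = result === "ok" && r["access-control-allow-origin"] !== "*" && !/\borigin\b/i.test(r["vary"] || "");
  return { preflight, result, varyMissing };
}
// Constructed inputs: a bare GET, then a GET that sends Content-Type: application/json.
const star = { "Access-Control-Allow-Origin": "*" };
console.log(corsCheck({ origin: "http://test.com" }, star));
console.log(corsCheck({ origin: "http://test.com", headers: { "Content-Type": "application/json" } }, star, star));
```

With `*` the response is readable by any origin but never with credentials; a reflected origin should be paired with `Vary: Origin`.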