CORS headers

[ll4strw]

I am testing a JavaScript/JQuery app to interact with the API endpoints. In particular, I noticed that the authenticate endpoint response (and all other endpoint responses also?) misses the CORS header ‘Access-Control-Allow-Origin’, which causes my AJAX call to fail (the app runs on a different domain than the API server). Would it be possible to add a conf option that lets an admin set ad hoc response headers?

[korydraughn]

We are certainly looking into that. The current options are:

• Build it into the HTTP API
• Or, use a HTTP proxy (e.g. nginx, apache httpd)

Using a HTTP proxy offers the most flexibility and works today. Until we make a decision on this, please use a proxy.

We used nginx in the past. That should work perfectly for your needs. You can use the C++ REST API's nginx reverse proxy configuration as a reference.

• https://github.com/irods/irods_client_rest_cpp/blob/main/packaging/irods_client_rest_cpp_reverse_proxy.conf.template.in

The instructions for that file can be found here.

• https://github.com/irods/irods_client_rest_cpp?tab=readme-ov-file#starting-the-reverse-proxy-using-nginx

[ll4strw]

Thanks for the prompt reply. Indeed, option 2 is the better one for production envs, but 1 is useful for testing purposes.

[korydraughn]

We'll leave this open until a decision is made.