search

prasmussen / glot-run

API for running code inside docker containers
https://run.glot.io/
MIT License
147 stars 48 forks source link

CORS issue #22

Open itaditya opened 7 years ago

itaditya commented 7 years ago

Hi I'm unable to make an AJAX request to glot.io. I keep getting this error.

Failed to load https://run.glot.io/languages/python/latest: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 405.

alokshakya commented 6 years ago

Hi I am not able to call https://run.glot.io/languages/python/latest in Angular 5 application it gives following error.

Failed to load https://run.glot.io/languages/python/latest: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 405. screenshot 226

prasmussen commented 6 years ago

Yeah, CORS is not supported at this time. I'm currently working on a new version of the api where I will consider allowing it. It will take at least a couple of months before the new api is ready though.

sbstnssndn commented 6 years ago

So we can't run code in glot from localhost? Is there a workaround for that?

itaditya commented 6 years ago

Create a backend server. From your frontend send a request to the server and from the server make a request to glot. For a working implementation check out https://github.com/itaditya/Code-Runner

sbstnssndn commented 6 years ago

Aaah I see, thanks. Sorry, why does this work? I thought if a request didn't work from the front, it wouldn't work from the back either.

itaditya commented 6 years ago

A request sent from browser i.e. Ajax is different from what is sent by the server. Since the request on the client side can be tampered by bad actors, it is less secure that is why cors exist to prevent sending requests from client side. Many Payment gateways also accept request from server only

sanjayme97 commented 4 years ago

is this fixed @prasmussen

chumaumenze commented 4 years ago

@sanjayme97 This might help you. https://github.com/Rob--W/cors-anywhere

ten0s commented 4 years ago

@prasmussen, I see some unused code for CORS https://github.com/prasmussen/glot-run/blob/master/apps/glot/src/http/http_util.erl#L72-L83

Would you accept a PR?

prasmussen commented 4 years ago

@prasmussen, I see some unused code for CORS https://github.com/prasmussen/glot-run/blob/master/apps/glot/src/http/http_util.erl#L72-L83

Would you accept a PR?

Sorry, but I won't do any changes to the current version in regards to CORS