Consider a package that works from browser or enabling CORS

[plwalters]

Currently the service doesn't work with cross-domain requests and there is no package that works in the browser. This limits the users who can actually test the service.

[kbrimijoin]

+1

[jtrayfield]

+1

[nfriedly]

This is a good request, I'd like to see it also.

CORS support (or JSONp or whatever) requires support in the REST APIs, so outside of the scope of the SDK, but I'll pass along the request. If/when it's implemented there, then it would make sense to start testing this library in browsers and make sure everything else works. However, I'm going to close this ticket for the meanwhile since it's not currently actionable here.

One thing of note: you will still need a small server-side component to generate access tokens (you should not send your service credentials out in client-side JavaScript.)

BTW, I'm working on a standalone library for using Speech-to-Text in browsers: https://github.com/watson-developer-cloud/speech-javascript-sdk. It's mostly functional, but not yet ready for use.

(I believe it makes sense to have a standalone browser library for Speech services in particular since the APIs they depend on are significantly different from node.js - but for the rest of the services, making the same library work in both node and browsers is probably the right plan.)

[wellingtonsampaio]

I believe some Watson services support CORS now. Is there a list of the services supporting documented somewhere?

[nfriedly]

Yeah, I did some testing a couple of months ago, and almost all services support CORS now. I'm actually working on this right now in the browser branch.

[wellingtonsampaio]

Do you know if the Retrieve and rank service supports now?

[nfriedly]

No, it does not look like it does right now. I guess I should have said "many services" rather than "almost all".

Here's my test:

curl -u "{username}":"{password}" -H "Origin: http://example.com" "https://gateway.watsonplatform.net/retrieve-and-rank/api/v1/solr_clusters" -v
*   Trying 158.85.132.88...
* Connected to gateway.watsonplatform.net (158.85.132.88) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.watsonplatform.net
* Server certificate: GeoTrust SSL CA - G3
* Server certificate: GeoTrust Global CA
* Server auth using Basic with user '[...]'
> GET /retrieve-and-rank/api/v1/solr_clusters HTTP/1.1
> Host: gateway.watsonplatform.net
> Authorization: [...]
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://example.com
> 
< HTTP/1.1 200 OK
< X-Backside-Transport: OK OK
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Date: Thu, 21 Jul 2016 13:37:51 GMT
< Content-Type: application/json
< Server: -
< Set-Cookie: [...]
< X-Client-IP: 216.96.112.56
< X-Global-Transaction-ID: [...]
< X-DP-Watson-Tran-ID: [...]
< 
* Connection #0 to host gateway.watsonplatform.net left intact
{"clusters":[{"solr_cluster_id":"[...]","cluster_name":"My cluster","cluster_size":"1","solr_cluster_status":"READY"}]}

It should have had, at a minimum, an Access-Control-Allow-Origin: * header on the response.

[wellingtonsampaio]

Thanks for the info Nathan. One other thing regarding the CORS enablement is that either the credentials or the token generated should set some level of authorization. Do you know if that's planned to happen? At least on the Retrieve and Rank service the credentials allow you to manage the Solr cluster.

[nfriedly]

I know it's been requested already, I don't know if it's planned. I'll put in another request though. (That may be part of why R&R doesn't currently support CORS...)