Hi,
i am working with the zwave-mini-ui-master using the requests it uses to control the zwayserver from my
own website e.g. get http://ip:8083/zWaveApi/Data/0.
After upgrading the zwayserver all requests get blocked. The ones i took from the example code and modified but also the original ones out of the mini-ui-master application itself.
The blocking reason is:
'Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://192.168.111.xxx:8083/ZWaveAPI/Data/0. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).'
I did find one post here in the forum describing this error but the proposed solution is not working for me.
I think the solution in this thread is for requests to ZAutomation and not for ZWaveApi.
I tried everything i could think of and am getting really desperate now. Not only have i used the ZWaveApi a lot already and would have to do it all again with another api (probably ZAutomation) the zwaveapi is really easy to use.
Does anyone know how to add the CORS header that it also works for zwaveapi or what else i can do, that would save me a ton of work.
rgds
Andy
ZWaveApi Requests fail after upgrade CORS
Re: ZWaveApi Requests fail after upgrade CORS
Which version do you use? We set Access-Control headers in our web server
Re: ZWaveApi Requests fail after upgrade CORS
Hi,
i am using firmware version 2.2.5
I also wanted to set the access control header as per thread
'HTTP API - Cors and JQuery if quey comes from remote host'
But they were already set in my version.
It seems that this setting is only valid when using the ZAutomation API
There the response contains the 'Access-Control-Allow-Origin *' header
But i am using ZWaveAPI and here this header seems to be missing.
Do i have to make the header setting for this API at another location?
thx
Andy
i am using firmware version 2.2.5
I also wanted to set the access control header as per thread
'HTTP API - Cors and JQuery if quey comes from remote host'
But they were already set in my version.
It seems that this setting is only valid when using the ZAutomation API
There the response contains the 'Access-Control-Allow-Origin *' header
But i am using ZWaveAPI and here this header seems to be missing.
Do i have to make the header setting for this API at another location?
thx
Andy
Re: ZWaveApi Requests fail after upgrade CORS
Ah, make sense. Indeed. We will fix this.
Re: ZWaveApi Requests fail after upgrade CORS
Please try to apply this:
Code: Select all
diff --git a/modules/ZWave/index.js b/modules/ZWave/index.js
index 3651558..274c7b5 100644
--- a/modules/ZWave/index.js
+++ b/modules/ZWave/index.js
@@ -515,6 +515,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: r
@@ -530,6 +533,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: zway.data(timestamp)
@@ -541,6 +547,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: zway.InspectQueue()
@@ -564,6 +573,9 @@ ZWave.prototype.defineHandlers = function () {
headers: {
"Content-Type": "application/x-download",
"Content-Disposition": "attachment; filename=z-way-backup-" + ts + ".zbk",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: data
@@ -593,6 +605,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: null
@@ -797,6 +812,9 @@ ZWave.prototype.defineHandlers = function () {
"status": 200,
"body": zddx.toString(),
"headers": {
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Content-Type": "application/xml"
}
};
@@ -1053,6 +1071,9 @@ ZWave.prototype.defineHandlers = function () {
return {
status: 200,
headers: {
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Content-Type": "application/json",
"Connection": "keep-alive"
},
@@ -1368,6 +1389,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: pfix
@@ -1443,6 +1467,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "keep-alive"
},
body: fix[0]
@@ -1573,6 +1600,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "close"
},
body: expert_config
@@ -1618,6 +1648,9 @@ ZWave.prototype.defineHandlers = function () {
status: 200,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "close"
},
body: null
@@ -1672,6 +1705,9 @@ ZWave.prototype.defineHandlers = function () {
status: 500,
headers: {
"Content-Type": "application/json",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Headers": "Authorization",
"Connection": "close"
},
body: null
Re: ZWaveApi Requests fail after upgrade CORS
Hi,
works like a charm.
Many thanks, you saved me a load of work.
rgds
Andreas
works like a charm.
Many thanks, you saved me a load of work.
rgds
Andreas
Re: ZWaveApi Requests fail after upgrade CORS
Ok, pushed to the develop branch, so in next release this will be included