hi, I want to show whether the streaming channels are connected or not on the web page.
So I’m going to call the basic Java api to ajax to use the result.
However, it causes a CORS issue on the web page and cannot get the value.Here is the result window and the way I call up the code below.
function getVideoConnectedList(){
$.ajax({
url: "http://MyIP:8086/connectioncounts?flat",
dataType: "xml",
headers: {
"Authorization" : "Basic " + btoa("ID" + ":" + "PW")
},
success: function(data){
var result = data;
console.log(data);
}
})
}
Access to XMLHttpRequest at 'http://MyIP:8086/connectioncounts?flat' from origin 'http://localhost:8080' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
The REST API can receive values normally if called in the same way.
If you refer to the link above, as the default setting, CORS heads are using wildcards for Access-Control-Allow-Origin.
Is there any code to add for 8080 port in server.xml, VHost.xml, Application.xml file, etc. to avoid CORS? Or is there anything to modify about the ajax call code?
Thank you.
CORS headers should be enabled for http providers, but it is possible to disable them using a property at the http provider level.
https://www.wowza.com/docs/how-to-enable-cross-origin-resource-sharing-cors-for-http-based-streams#configure-cors-headers-for-http-providers
If you haven’t accidentally disabled them, then you may need to add some custom CORS headers for your specific use case. You should be able to use any of the CORS properties in the http provider properties. The protocol for each property would be http
Send us a support ticket if you’d like a hand with this. Our engineers can help get it set up correctly with you.
Thank you for your help.
In my case, I erased the header from the code above.
And I changed the HTTP Provider’s Authentication Method property to ‘none’ in the calling API
and restarted the server.
The CORS issue has disappeared.
Thank you so much for the update. Glad the issue has been resolved.
This is a old and resolved post but I would nevertheless want to add to this. Removing authentication from the api isn’t a good design idea in general. If there are other calls in your api that create or edit resources in server side then it could be a potential threat if someone misuses the endpoint. From design standpoint it is better to wrap the actual api inside another outer api layer such as Amazon api gateway or your custom wrapper and expose only certain specific calls to public. The wrapper will use authentication to talk to actual API. This makes your system safe and secure. You can also use this wrapper system to create roles for finer access control to the actual API.