Get all values through REST API

Posted on
Mon Jan 27, 2020 9:24 pm
RogueProeliator offline
Posts: 2501
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: Get all values through REST API

> When opening the json url in a browser I get B\u00fcro instead of Büro.

Most of the time you can restore any escape sequence, including those in URL encoded and Unicode encodings, using a combination of JSON.parse and decodeURIComponent.

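Code:
// The doubled backslash makes the string hold the literal text B\u00fcro, as the API returns it
var testStr = "B\\u00fcro";
// JSON.parse resolves the \uXXXX escape; decodeURIComponent resolves any %XX sequences
var testStrDecoded = decodeURIComponent(JSON.parse('"' + testStr + '"'));
var res = "Original: " + testStr + "<br/>Decoded Value: " + testStrDecoded;

When I print that last variable it shows: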
Original: B\u00fcro
Decoded Value: Büro

Adam

Posted on
Tue Jan 28, 2020 1:44 am
davinci offline

Re: Get all values through REST API

Makes sense, thanks.

Now I just need the authentication function to work.

Posted on
Tue Jan 28, 2020 2:21 am
davinci offline

Re: Get all values through REST API

Looks like this does not work because of CORS policy of the browser or server. The domain where I call the script does not match the Indigo reflector address.

https://de.m.wikipedia.org/wiki/Cross-O ... ce_Sharing

Since it is sandboxed by the browser there should be a way...
Is there anything I can do?

Posted on
Tue Jan 28, 2020 8:58 am
RogueProeliator offline
Posts: 2501
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: Get all values through REST API

> Now I just need the authentication function to work.

What error are you getting on the authentication? Or did you track it to your issue below? One of the easiest ways to see this in action is to view the Developer Console for your browser (at least on Firefox or Chrome, don't use Safari so not sure there) and watch the Network tab.

> Looks like this does not work because of CORS policy of the browser or server. The domain where I call the script does not match the Indigo reflector address.

Where exactly are you getting that at? I am pretty sure many Indigo users are utilizing the REST API outside of Indigo, and I would assume many of those are through the reflector service. Don't do that myself, so can't be 100% sure there.

Posted on
Tue Jan 28, 2020 11:17 am
davinci offline

Re: Get all values through REST API

I get this error in JS:
Code:
[Error] Origin https://mac.local is not allowed by Access-Control-Allow-Origin.


My research revealed that this is normal behavior of a modern browser and it is intended. If anyone knows something, please let me know.

The problem is that this would have to be done on the server side. There might be reasons not to do that?

Posted on
Tue Jan 28, 2020 12:31 pm
matt (support) offline
Site Admin
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: Get all values through REST API

Shut down the Indigo Server and try editing the file:

/Library/Application Support/Perceptive Automation/Indigo 7/IndigoWebServer/indigopy/restreqhandler.py


After line 78:
Code:
         cherrypy.response.headers['Content-Type'] = 'text/' + format

Add:
Code:
         cherrypy.response.headers['Access-Control-Allow-Origin'] = 'https://mac.local'

Watch the indentation -- you have to use tabs and not spaces so duplicate line 78 and change the new line to make sure it is formatted correctly. If that doesn't work try using '*' instead of 'https://mac.local'. I don't think the wildcard will work though since the RESTful request includes credentials and it sounds like the wildcard special cases to not allow that.

Note your manual changes to that .py file can get overwritten when you run the Indigo Installer, so make a backup of the file.


Posted on
Tue Jan 28, 2020 3:01 pm
RogueProeliator offline
Posts: 2501
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: Get all values through REST API

> The problem is that this would have to be done on the server side. There might be reasons not to do that?

No, it is fine... this is just to prevent several attacks which rely on going across sites. What Matt posted is industry standard to add -- in fact, some content that is designed to share to all (like CDN networks) will include a * meaning "can serve everywhere". Doing it how Matt suggested is 100% standard for allowing site(s) to do what you are trying to do. Just keep in mind what he said regarding it being overwritten in upgrades or it will come up again.

Posted on
Wed Jan 29, 2020 12:17 pm
davinci offline

Re: Get all values through REST API

Thanks, that looks promising.

However I still get the same message from Safari.
Code:
[Error] Origin https://mac.local is not allowed by Access-Control-Allow-Origin.


Don't know how to test it properly.

I also used '*', which is what I have to use anyway because the client name changes.

Posted on
Wed Jan 29, 2020 5:32 pm
matt (support) offline
Site Admin
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: Get all values through REST API

I don't think '*' is going to work. I realize the client name changes, but does it work if you use 'https://mac.local' when you are on that particular client? That will tell us if the header is even being used or not.


Posted on
Wed Jan 29, 2020 11:48 pm
RogueProeliator offline
Posts: 2501
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: Get all values through REST API

> I don't think '*' is going to work.

Oh, sorry, I was just trying to illustrate that it was industry standard... wasn't suggesting using that. I think it requires an anonymous connection for the wildcard to work.

Boy, it has been a while since I have dealt with this, but don't some servers look at the Origin header and then return that for the Access-Control-Allow-Origin? If so, does cherrypy have access to the headers of the request where it could spit that back out?

Adam
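
The Origin-echo approach asked about in the post above, as an added example (not from the original posts and not Indigo's code): the request's Origin is returned only when it exactly matches an allow-list, which lets one server accept credentialed requests from several client hostnames without using '*'. `ALLOWED_ORIGINS`, `cors_headers`, the second hostname and the preflight header values are assumptions made for illustration.

```python
# Added example: allow-list based Origin reflection for credentialed CORS.
# ALLOWED_ORIGINS and cors_headers() are hypothetical names, not Indigo code.

ALLOWED_ORIGINS = frozenset([
    "https://mac.local",        # origin taken from the error message in this thread
    "https://mac-mini.local",   # constructed second client, for illustration
])


def cors_headers(origin, method="GET", allowed=ALLOWED_ORIGINS):
    """Return the CORS response headers for one request.

    origin -- value of the request's Origin header, or None if absent.
    method -- HTTP method; "OPTIONS" is treated as a preflight request.
    """
    # The response differs per Origin, so caches must key on that header.
    headers = {"Vary": "Origin"}
    # Exact match on scheme://host[:port]. No substring or suffix tests,
    # and an origin that is not on the list is never echoed back.
    if origin is None or origin not in allowed:
        return headers
    headers["Access-Control-Allow-Origin"] = origin
    # Needed when the browser sends credentials; browsers reject "*" in
    # Access-Control-Allow-Origin for credentialed requests.
    headers["Access-Control-Allow-Credentials"] = "true"
    if method == "OPTIONS":
        # Preflight answer; the values below are assumptions, adjust to the API.
        headers["Access-Control-Allow-Methods"] = "GET, OPTIONS"
        headers["Access-Control-Allow-Headers"] = "Authorization"
        headers["Access-Control-Max-Age"] = "600"
    return headers


# Wiring inside a CherryPy handler would look roughly like this (assumption):
#   origin = cherrypy.request.headers.get("Origin")
#   cherrypy.response.headers.update(
#       cors_headers(origin, cherrypy.request.method))

if __name__ == "__main__":
    # Constructed sample origins: allowed, not allowed, missing scheme, absent.
    for o in ("https://mac.local", "https://other.example", "mac.local", None):
        print(o, "->", cors_headers(o))
```

An origin without its scheme ('mac.local') never matches, because browsers send the Origin header as scheme://host[:port].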

Posted on
Thu Jan 30, 2020 12:19 am
davinci offline

Re: Get all values through REST API

Unfortunately, it doesn't make any difference. Looks like it blocks it before even getting the header back?

I attached the file, maybe I missed something. (renamed to txt)

Manual requests work.
Attachments
restreqhandler.txt
(5.86 KiB) Downloaded 158 times

Posted on
Thu Jan 30, 2020 12:22 am
matt (support) offline
Site Admin
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: Get all values through REST API

Also try dropping the https:// part, so maybe just:

cherrypy.response.headers['Access-Control-Allow-Origin'] = 'mac-mini.local'


Posted on
Thu Jan 30, 2020 1:55 am
davinci offline

Re: Get all values through REST API

According to Mozilla it should be including https.

Anyway, I need it for multiple domains. The error was the same for the wildcard.

There has to be a way for this. This is confusing, since any domain can access over the browser anyway.

Posted on
Thu Jan 30, 2020 4:31 am
howartp offline
Posts: 4559
Joined: Jan 09, 2014
Location: West Yorkshire, UK

Re: Get all values through REST API

Although I’m (vaguely) aware of what origins and cross-site etc is, I’m still confused as to what you’re trying to achieve?

Where is the javascript running? On the Mac, or on a remote site?

The origin etc shouldn’t be involved as you’re not trying to execute a function exposed by (the api), you’re calling the actual api which should just return the JSON.

Auth shouldn’t affect origin either.


Posted on
Thu Jan 30, 2020 5:17 am
davinci offline

Re: Get all values through REST API

The script is running in an iOS-App (Apache Cordova) and on a website.

I'm testing locally in the browser and CORS blocks any connection to the API.

In the App I get a different error, which I assume is not necessarily related.

Code:
 CredStore - performQuery - Error copying matching creds.  Error=-25300, query={
    class = inet;
    "m_Limit" = "m_LimitAll";
    ptcl = htps;
    "r_Attributes" = 1;
    sdmn = "Indigo Control Server";
    srvr = "url.indigodomo.net";
    sync = syna;
}
