webserverDAT Access-Control-Allow-Origin header (CORS)

Hello,

I’m working on a Web API and the gentleman on the other end is asking me if I can integrate an ACAO header.
I get the concept, but I wonder if it is possible to implement with the webserverDAT.
Would it be possible with a custom index page integrating the ACAO header.

thanks

Hey @pixelux,

Not fully grasping the concept - is it a lookup you would build and then utilize when handling a request?

cheers
Markus

Hi Markus,

I believe something like that . I have limited knowledge in all those Web things .
I have dealt with APIs and sending requests on the client side, but this time, I need to run the server.

This is for a CMS solution to get the playback commands.
So far, it works great.
I receive the request, execute the command, and send back the response with the statusCode and the data.
they asked me if I Could add an access-control-allow-origin header to the response.
I thought that I could handle it with an index where I could include the CORS header. But it is not as easy.
If I’ve understood correctly, without this, they have to go through a proxy.
I think that this feature must to be handled on the server side, so POCO in our case .
I’m glad they’ll be able to do without it. I already have a really tight deadline :slight_smile:

thanks
xavier

Hey @pixelux,

if it is header data, you can add instructions to the response dictionary that is send back after a request is received:

def onHTTPRequest(webServerDAT, request, response):
	response['statusCode'] = 200 # OK
	response['statusReason'] = 'OK'
	response['Access-Control-Allow-Origin'] = 'https://www.siteA.com'
	response['data'] = '<b>TouchDesigner: </b>' + webServerDAT.name
	return response

But I don’t know enough to tell you that this is the correct way…

cheers
Markus

@snaut is correct. To add an element to the responseHeader, you simply need to to add it to the responseDict, (which I find kinda odd choise, but whatever.)

If you want to dig a little I made a wrapper around the webServerDAT to make live a little bit easier:

Here, you would say

response.header["access-control-allow-origin"] = "*"

or

response.header["access-control-allow-origin"] = "requestingDomain.com"

In the end it is the same, but feels easier to read :slight_smile:

Hi
thanks for the solution, really helpful for an HTML noob like me.
And far easier than what I thought.
@alphamoonbase , I recently found your 2 components. I need to explore them to understand the concept.