19

Is there a slick way to enable CORS with the Cloud Endpoints?

(Adding "Access-Control-Allow-Origin: *" or something like this to the response)

Thanks, Brandon

fab
  • 317
  • 4
  • 20
Brandon
  • 2,034
  • 20
  • 25
  • I'd like to enable it for debugging on the client side too. :) – Brandon Jul 30 '12 at 02:08
  • Is CORS not enabled by default for all domains? This may be a bug. If so I can file a bug on it internally. – Jason Hall Jul 30 '12 at 02:11
  • I should mention it would be handy to be able to debug this locally, maybe modify the appengine-web.xml file. I've setup XHR2 request from my Dart editor but I need to turn on cors for it to work across domains locally too. – Brandon Jul 30 '12 at 02:38
  • I found this but doesn't work. – Brandon Jul 30 '12 at 02:57
  • Not sure about Cloud Endpoints, but I've managed to use the Cors filter for normal requests: http://software.dzhuvinov.com/cors-filter.html https://groups.google.com/forum/?fromgroups#!topic/vosao-cms-development/cybFCgCvYt0 – ZiglioUK Jul 30 '12 at 21:12
  • FYI I've filed a bug internally at Google to add CORS support to Endpoints. – Jason Hall Aug 01 '12 at 13:25
  • I found out they support cors requests on the production server and a issue has been filed for the local debugging to support cors. – Brandon Sep 08 '12 at 22:08
  • I put up a demo of it working: http://demogwtcloudendpoints.appspot.com – Brandon Sep 11 '12 at 03:31
  • 1
    @Branflake2267 What did you end up doing? I don't see any difference in the endpoint classes and can't find an example of a GET CORS request in the code. – willlma Jul 18 '13 at 05:28

3 Answers3

2

As CORS works on production for Cloud Endpoints. What I did to test on devserver (local) was to disable the browser security. For Dartium (I think Chrome also) use --disable-web-security parameter on startup.

kcaldas
  • 49
  • 6
2

Try adding this to the yaml file of your endpoint:

x-google-endpoints:
  - name: "{your-endpoint-host-name}"
    allowCors: "true"
Janos Elohazi
  • 21
  • 1
0

This depends on if you have control over the headers on the endpoints - either via the application or the web server serving the original page which contains scripts that want to make cross domain requests.

JSON-P still seems far more popular - either due to lack of support on the server side of platforms, or a distrust that it will work with clients (e.g. legacy web browsers) - whereas JSON-P will often work.

Michael Neale
  • 19,248
  • 19
  • 77
  • 109
  • JSONP should work with Endpoints, but as usual only for GET requests. – Jason Hall Jul 30 '12 at 02:14
  • yes, that is just one of the more one of the unpleasant things about it ;) I am surprised that CORS isn't more widely known, interested to see what other answers people have – Michael Neale Jul 30 '12 at 02:27
  • I'd prefer to try enabling CORs by adding the response header to the endpoints responses. The question is how. :) – Brandon Jul 30 '12 at 02:39
  • Branflake2267 - are you using python or java for GAE? if java, httpservletresponse or a filter can set the header, however, not sure if it will be ignored/not allowed by GAE – Michael Neale Jul 30 '12 at 02:53
  • Java and in particular the new Java Cloud Endpoints api that has been released. I've added this to appengine-web.xml but does not work on the reserved paths ./_ah* – Brandon Jul 30 '12 at 03:00