8

I'm trying to get basic JSON communication from client to server going, with the following Elm code:

import open Http

result res = case res of
    Success a -> a
    Waiting -> "Waiting"
    Failure n a-> "Failure " ++ (show n) ++ " " ++ (show a)


main =   lift asText <| lift (show . result) <|  send <| constant  <| post "http://localhost:3000" "{foo : true}"

The server is exactly as shown in this part of the Yesod book.

However, when I run the request, I get the output 

"\"Failure 0 []\""

Does anybody know what I have to do to get an Elm client properly communicating with a Yesod server? I've tried a Python client, and the requests work just fine. Likewise, there are several examples on the Yesod site with successful Http requests, so I'm confident both libraries are working properly, but that I'm using them wrong.

UPDATE: The problem is client-side. I was able to get it working with chrome with security options disabled, and no changes to Yesod. I'll look for a workaround, but this is at least enough to let my development continue.

jmite
  • 8,171
  • 6
  • 40
  • 81

2 Answers2

8

This is caused by a cross-site scripting security feature on some sites. It was recently brought up on the Elm mailing lists (by me). There is not currently a workaround if you are committed to using your specific server, although I've had luck hosting the files on elm-server, which hosts all files in the directory you run it in.

You should check the javascript console and you'll see something like XMLHttpRequest cannot load http://www.google.com/. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.. If you don't, then this is a completely new issue. But I doubt that.

mgold
  • 6,189
  • 4
  • 39
  • 41
  • So, I'm posting to localhost, and I have complete control of the Yesod server... can I turn off the security feature? Also, when I run it from the console, I get the following message about the post: [22:35:12.380] POST http://localhost:3000/ [HTTP/1.1 200 OK 19ms] So it seems the server is returning the message, and Elm just doesn't know what to do with it... – jmite Sep 06 '13 at 04:38
  • @jmite I would advise against turning off security on the server, and moreover it may be in the browser. I suspect the browser isn't allowing Elm to see the response because it could be malicious based on XSS characteristics. – mgold Sep 06 '13 at 04:48
  • Hmm, interesting. Honestly, my server's just local, it won't be live for a while, so I might just turn stuff off as a workaround until a bona fide patch is written... – jmite Sep 06 '13 at 04:50
  • Interesting... I was using Firefox before. In IE, I get the same error as you: SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied. So, is the bug specific to Elm? i.e. could I write a js function which avoided this, and access it via ffi? – jmite Sep 06 '13 at 04:53
  • @jimite My guess is it's a bug in Elm, but that's based on on the fact that Elm is a young language (still in beta) where all the browsers are mature, and Yesod at least calls itself a 1.x release. – mgold Sep 07 '13 at 01:42
5

I guess your server needs to send CORS-headers, discussed in example in this SO post: Allowing cross-origin requests in Yesod

More information about CORS in MDN and Wikipedia

Please note that the browser thinks your are doing Cross-Origin requests if

  • the domain name differs, in example you try to fetch data from foobar.com and in your browsers location you have barfoo.com
  • the subdomain is different, in example your application lives in foobar.com and you try to fetch data from api.foobar.com
  • the ports differ, in example your browser application is in localhost:8000 and you try to fetch data from localhost:8001
Community
  • 1
  • 1
NiklasN
  • 559
  • 1
  • 7
  • 12