0

I am developing an application using Watson's Dialog service, where the API is accessed in client-side javascript, but ran into the following problem when trying to access the API.

XMLHttpRequest cannot load https://gateway.watsonplatform.net/dialog/api. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 401.

The solution seems to be Cross Origin Resource Sharing, but I cannot find a way to enable this for a Watson service. Is there a way to do this? If not, is there another way around this? I was only able to find resources for enabling it for an application that we deploy ourselves.

If I'm understanding correctly this won't be a problem if our application is deployed to BlueMix, instead of being tested locally. If possible, though, we would like to be able to test locally when possible for speed of development.

Thanks for your help!

Alex P
  • 530
  • 1
  • 6
  • 13
  • Might this link be useful? ... https://developer.ibm.com/bluemix/2014/07/17/cross-origin-resource-sharing-bluemix-apis/ – Kolban Feb 22 '16 at 16:57
  • @Kolban I took a look at that a few times, and it seems to only discuss enabling it for applications that are deployed to Watson, not Watson Services? The only configuration I see for Watson Services seems to be the plan that is used. – Alex P Feb 22 '16 at 16:59

3 Answers3

2

You can test locally by taking your service credentials (VCAP_SERVICES) and adding them to your application. This should be done on your web server as environment variables.

You can check out this readme: https://github.com/watson-developer-cloud/movieapp-dialog

This would work smoothly with the Java SDK check out this: com.ibm.watson.developer_cloud.dialog.v1.DialogService;

or you can use the Node SDK An example for this: https://github.com/watson-developer-cloud/conversational-agent-application-starter-kit/blob/master/api/services.js

Dudi
  • 2,340
  • 1
  • 24
  • 39
2

The APIs you are calling doesn't allow cross origin request and your browser security is preventing you to use it (To understand the cross origin behaviour look on Mozilla docs about CORS)

To have a workaround for it (perfectly sure avoiding to break your browser's security policies) you could implement an application working as a proxy backend, which will forward to the requested APIs your requests and add all the headers to support CORS settings. This application could run on Bluemix and could be developed on the runtime you wish, nodejs or Java or php etc and then your mobile app should call it instead of APIs directly. Moreover it could allow you to move a lot of business logic from the client to the proxy/backend making the first more light and "agile"

v.bontempi
  • 1,562
  • 1
  • 9
  • 10
  • 1
    The application/proxy mention is exactly the code i referred to in my answer. Check it out, it will help you jumpstart your app. – Dudi Feb 24 '16 at 21:09
0

If one wishes to circumvent browser oriented security during development testing, browsers commonly have a mechanism to allow this capability. For example, in the Google Chrome browser, starting the browser with the flag --disable-web-security will disable checking for cross origin requests from the browser end allowing a browser to make REST requests to any back-end server. For example:

chrome --disable-web-security

A warning will be shown in your browser that you are running in this insecure more:

enter image description here

Kolban
  • 13,794
  • 3
  • 38
  • 60