0

I'm hitting a major road block while consuming services POST from this client who has no Access-Control-Allow-Origin at all.

I've tried following solutions or are you saying it's not possible at all?

  1. Looked into JSONP but that's limited to GET only.
  2. Created a service on my domain that can make a request to client domain. Ended up with { [Error: socket hang up] code: 'ECONNRESET' }
  3. Haven't tested, but can I've it accomplished using node-curl. https://www.npmjs.com/package/node-curl

Please advise.

user2727195
  • 7,122
  • 17
  • 70
  • 118
  • So, for some clarifying. Who owns that service? Also there are no CORS issues, the are service owner issues :) – loadaverage Feb 25 '16 at 23:18
  • :) the client owns the services, basically Canvas LMS API, it's based on oAuth2, https://canvas.instructure.com/doc/api/index.html Is there a work around in case headers are not present? – user2727195 Feb 25 '16 at 23:39
  • What is the actual problem you're trying to solve? Is a web page trying to make a request to your service? Or something else? Or is your node.js app just trying to make a request to some other host? – jfriend00 Feb 25 '16 at 23:44
  • It's my javascript client code trying to make a POST request to their web service and because of lack of access headers, it's failing and I'm trying to workaround using options mentioned above, 1,2,3 – user2727195 Feb 25 '16 at 23:50

1 Answers1

1

So, why just not add this header? Just one line of code :)

You may run your own server which will forward requests to that service (nginx can easily do that, take a peek).
In a nutshell:
frontend app -> your proxy with CORS headers (like nginx) -> api service

loadaverage
  • 1,028
  • 1
  • 11
  • 16
  • I believe I'll need more resources and understanding for that, any videos you can recommend to watch – user2727195 Feb 29 '16 at 03:42
  • As same origin policy is based on http headers and "origin" concept - I'd recommend to dive into HTTP and SOP RFC's, very nice article (obsolete, but very informative) - [rf2616](https://tools.ietf.org/html/rfc2616), SOP RFC [rfc6454](https://tools.ietf.org/html/rfc6454) also wiki has some good links for SOP and how bypass it (recommend read them after rfc's) - [sop on wiki](https://en.wikipedia.org/wiki/Same-origin_policy). If you doesn't have enough time - read all links from wiki which will interest you. PS: curl, tcpdump and netcat is nice things for experimenting with http. – loadaverage Feb 29 '16 at 15:23