API REST request from another domain?

Get help from other users here.

Moderators: Contributor, Developer

Post Reply
Cosmin
Posts: 5
Joined: Jan 15, 2018 4:22 am

API REST request from another domain?

Post by Cosmin » Mar 26, 2018 3:51 am

Hi,

I'm developing an application in ColdFusion to manage mantis bt thought API REST but I have a problem with ajax requests.

If I making requests from the same domain where I installed mantis bt all requests work fine but when I try to make a request from another domain or the same domain with the different port the browser return "Access-Control-Allow-Origin" error.

I tried to add headers settings in API/rest/index.php and also in my ajax request but it doesn't work.

Code: Select all

var settings = {
            "async": true,
            "crossDomain": false,
            "url": "http://localhost:8080/Mantis/api/rest/projects/",
            "method": "GET",
            "headers": {
                "Authorization": "XXXXXXXXX-API-XXXXXXXXXXXXXx",
                "Cache-Control": "no-cache",
                "Access-Control-Allow-Origin": "http://dev.com:8500"
                }
            }
            $.ajax(settings).done(function (response) {
            console.log(response);
            });

Cosmin
Posts: 5
Joined: Jan 15, 2018 4:22 am

Re: API REST request from another domain?

Post by Cosmin » Apr 10, 2018 2:50 pm

#UPSome_One?

Starbuck
Posts: 145
Joined: Feb 13, 2006 9:53 pm
Location: USA
Contact:

Re: API REST request from another domain?

Post by Starbuck » Apr 12, 2018 12:11 pm

This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and pages AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
If you want Mantis to work differently, use or create a plugin. Visit the Plugins forums.
Ask developers to create a plugin that you need - and motivate them to help you!

Cosmin
Posts: 5
Joined: Jan 15, 2018 4:22 am

Re: API REST request from another domain?

Post by Cosmin » Apr 16, 2018 10:55 am

Starbuck wrote:
Apr 12, 2018 12:11 pm
This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and pages AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
Thanks, in the end, I did as you suggested.

Post Reply