API REST request from another domain?

Posted: 26 Mar 2018, 08:51
by Cosmin
Hi,

I'm developing an application in ColdFusion to manage MantisBT through API REST, but I have a problem with AJAX requests.

If I make requests from the same domain where I installed MantisBT, all requests work fine, but when I try to make a request from another domain or the same domain with a different port, the browser returns an "Access-Control-Allow-Origin" error.

I tried to add header settings in API/rest/index.php and also in my AJAX request, but it doesn't work.

Code:

    var settings = {
        "async": true,
        "crossDomain": false,
        "url": "http://localhost:8080/Mantis/api/rest/projects/",
        "method": "GET",
        "headers": {
            "Authorization": "XXXXXXXXX-API-XXXXXXXXXXXXXx",
            "Cache-Control": "no-cache",
            "Access-Control-Allow-Origin": "http://dev.com:8500"
        }
    }
    $.ajax(settings).done(function (response) {
        console.log(response);
    });

Re: API REST request from another domain?

Posted: 10 Apr 2018, 19:50
by Cosmin
#UPSome_One?

Re: API REST request from another domain?

Posted: 12 Apr 2018, 17:11
by Starbuck
This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and the page sends AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
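
The server-side relay suggested in the reply above, as an added example that is not code from the thread or from MantisBT: the page calls a path on its own origin, and the server forwards only allowlisted requests to the Mantis REST API with the token attached server-side. Assumptions: Node.js instead of ColdFusion, a made-up `/mantis/` relay prefix, and a hypothetical `MANTIS_API_TOKEN` environment variable; the upstream URL is the one from the question.

```javascript
// Added example, not from the thread: same-origin relay for the MantisBT REST API.
// Assumptions: upstream base is the URL from the question; MANTIS_API_TOKEN is a
// hypothetical environment variable; the /mantis/ prefix is a made-up relay path.
const UPSTREAM = 'http://localhost:8080/Mantis/api/rest/';
const API_TOKEN = process.env.MANTIS_API_TOKEN || 'constructed-placeholder-token';

// Only these method/path pairs are forwarded, so the relay cannot be steered
// to other endpoints on the Mantis host.
const ALLOWED = [{ method: 'GET', path: /^\/mantis\/(projects\/(?:\d+)?)$/ }];

// Map a browser request to an upstream URL and headers, or null to refuse it.
function buildUpstreamRequest(method, rawUrl) {
  // Parsing against a dummy base resolves ../ segments before the allowlist check.
  const { pathname } = new URL(rawUrl, 'http://relay.invalid');
  for (const rule of ALLOWED) {
    const m = rule.method === method && rule.path.exec(pathname);
    if (m) {
      return {
        url: new URL(m[1], UPSTREAM).href, // query string is deliberately dropped
        init: { method, headers: { Authorization: API_TOKEN, Accept: 'application/json' } },
      };
    }
  }
  return null;
}

// Node http handler. Mount with require('http').createServer(handler).listen(port)
// on the origin that serves the page, so the browser never makes a cross-origin call
// and the API token never appears in client-side script.
async function handler(req, res, fetchImpl = fetch) {
  const target = buildUpstreamRequest(req.method, req.url);
  if (!target) { res.writeHead(404); return res.end(); }
  try {
    const up = await fetchImpl(target.url, target.init);
    res.writeHead(up.status, { 'Content-Type': up.headers.get('content-type') || 'application/json' });
    res.end(await up.text());
  } catch (err) {
    res.writeHead(502); // upstream unreachable; no upstream detail goes back to the browser
    res.end();
  }
}
```

The relay endpoint still needs the application's own session check in front of it, since anyone who can reach it acts with the token's privileges.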

Re: API REST request from another domain?

Posted: 16 Apr 2018, 15:55
by Cosmin
Starbuck wrote: 12 Apr 2018, 17:11 This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and the page sends AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
Thanks, in the end, I did as you suggested.