API REST request from another domain?

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
Cosmin
Posts: 5
Joined: 15 Jan 2018, 09:22

API REST request from another domain?

Post by Cosmin »

Hi,

I'm developing an application in ColdFusion to manage mantis bt thought API REST but I have a problem with ajax requests.

If I making requests from the same domain where I installed mantis bt all requests work fine but when I try to make a request from another domain or the same domain with the different port the browser return "Access-Control-Allow-Origin" error.

I tried to add headers settings in API/rest/index.php and also in my ajax request but it doesn't work.

Code: Select all

var settings = {
            "async": true,
            "crossDomain": false,
            "url": "http://localhost:8080/Mantis/api/rest/projects/",
            "method": "GET",
            "headers": {
                "Authorization": "XXXXXXXXX-API-XXXXXXXXXXXXXx",
                "Cache-Control": "no-cache",
                "Access-Control-Allow-Origin": "http://dev.com:8500"
                }
            }
            $.ajax(settings).done(function (response) {
            console.log(response);
            });
Cosmin
Posts: 5
Joined: 15 Jan 2018, 09:22

Re: API REST request from another domain?

Post by Cosmin »

#UPSome_One?
Starbuck
Posts: 219
Joined: 14 Feb 2006, 02:53
Location: USA
Contact:

Re: API REST request from another domain?

Post by Starbuck »

This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and pages AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
If you want Mantis to work differently, use or create a plugin. Visit the Plugins forums.
Ask developers to create a plugin that you need - and motivate them to help you!
Cosmin
Posts: 5
Joined: 15 Jan 2018, 09:22

Re: API REST request from another domain?

Post by Cosmin »

Starbuck wrote: 12 Apr 2018, 17:11 This seems like a common cross-domain scripting issue. Browsers have built-in protections against such things.
Consider if you load a web page on site X, which was hacked, and pages AJAX requests to site Y to retrieve and save data that you thought was only going to be processed through site X.

You need to make your code less "hacky", probably by making a request to your server, and let the server make an API request to your Mantis app.
Thanks, in the end, I did as you suggested.
Post Reply