Access-control-cross-origin /cors problems

Rancher 1.x
1

I’m trying to use the angular $http service to gather some data from the rancher api. However, if I use $http.get() I get the following errors:

XMLHttpRequest cannot load https://<rancherIP>/v1-catalog/templates. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://myAppIP' is therefore not allowed access. The response had HTTP status code 401.

So, I tried to use $http.jsonp() - but that comes back with an error of “SyntaxError: Unexpected token <” because the actual response is not json but …

<!DOCTYPE html>
<!-- If you are reading this, there is a good chance you would prefer sending an
"Accept: application/json" header and receiving actual JSON responses. -->
<link rel="stylesheet" type="text/css" href="https://releases.rancher.com/api-ui/1.0.4/ui.min.css" />
<script src="https://releases.rancher.com/api-ui/1.0.4/ui.min.js"></script>
<script> [snip]

unfortunately, jsonp does not allow you to add your own headers … so it’s a catch-22. Can’t use .get (but can add header), can use jsonp (but can’t get data)

Is there an option / parameter on the url to specify json as the response, rather than a header option ?

Or is there an option on the rancher server software to enable cors ?

2

There is not; an option to set it in cattle would be ok but it is a generally-bad-idea™ to just add Access-Control-Allow-Origin: * by default.

A proxy server to pass requests for yourdomain.com/v1 to rancherip/v1 (and a few other paths…) is fairly straightforward and avoids CORS altogether. Here’s the one we use for UI dev: https://github.com/rancher/ui/blob/master/server/proxies/api.js

3

Hi Vincent, I also encountered this problem, for testing, how to set the option in cattle for enable Access-Control-Allow-Origin: * by default? Thanks.

4

As I said above there is no option for that.