Cross Domain API Calls (Development)


I am new to Frappe/ERPNext. Currently I am working on a Thunderbird Plugin for ERPNext. The Plugin calls some APIs from Javascript ( = Thunderbird Addon). I have a Developer Version of ERPNext which I run with “start bench”. It is not in Production and I don’t want it in production yet.

Unfortunately the Frappe API can not be called. I get the error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [http://localhost:8000/api/resource/Contact?limit_page_leng](http://localhost:8000/api/resource/Contact?limit_page_length=10000&fields=)

Surprisingly, when I do the same API call on a existing, in production Version of ERPNext it works without problems. (Probably are the Cross Domain Headers for NGINX set in that version).

I suppose the error is somewhere in the configuration.

Can somebody help me to set the CORS Headers for developer version of frappe?

Thanks a lot

1 Like

I have an idea I will try,
the development webserver is run by the wsgi library “werkzeug”. werkzeug supports CORS Headers.
I will try to inject the code to apply those headers in frappe. Therefore i searched the werkzeug method “run_simple()” and “make_app()” in the frappe directories. Haven’t found the exact spot yet.

Reference: Support CORS · Issue #131 · pallets/werkzeug · GitHub

Feel free to comment …

Hi @Canlann

Sounds interesting. Is this aimed at allowing API calls to external services and consumption/parsing of return messages?

Kind regards,

It is … though at the moment I had to give up. I was able to apply the headers but then I got CORS Preflight errors. I could not resolve them, so for now I will probably put it in production with nginx. Then I won’t have those issues.