I am trying to use API’s provided by Frappe to access content on a different domain.
However, I am facing issues with the same.
Here is my code:
<!DOCTYPE html>
<html>
<head>
<title></title>
<script
src="https://code.jquery.com/jquery-3.2.1.js"
integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE="
crossorigin="anonymous"></script>
</head>
<body>
<button onclick="submitForm()">Click Me</button>
<div id="resp">
</div>
<button onclick="GetOne()">Get One</button>
<div id="get_one">
</div>
<script type="text/javascript">
data2 = {
usr: '***',
pwd: '***',
}
function submitForm(){
$.ajax({
url:"https://***/api/method/login",
data: data2,
method:'POST',
crossDomain: true,
dataType:'JSON',
success:function(data){
alert('success'+" "+data+" "+data.message+' ' +data.full_name)
},
error:function(XMLHttpRequest,textStatus,errorThrown){
alert("error"+errorThrown);
console.log(errorThrown);
$("#resp").html("ERROR"+errorThrown);
}
});
};
function GetOne(){
$.ajax({
url:"https://***/api/resource/Person",
type: "GET",
dataType: 'JSON',
async: true,
crossDomain: true,
usr:"***",
pwd:"***",
xhrFields: {
withCredentials: true;
},
success:function(data){
alert('success')
},
error:function(XMLHttpRequest,textStatus,errorThrown){
alert("error"+errorThrown);
console.log(errorThrown);
$("#resp").html("ERROR"+errorThrown);
}
});
};
</script>
</body>
</html>
Login works perfectly fine, however, subsequent API calls give the cross origin error.
I have already added the allow origin headers in nginx config file.
On a Side Note, all calls are working correctly in Postman.
And when I login on my website in another tab, the API calls work correctly without any errors.
Any help is appreciated!
Thanks!
[Screens]
Loggen in Successfully >
Error in further calls
The error log in console:
Earlier when header had parameter *
XMLHttpRequest cannot load https://***/api/resource/Contact. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://###' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
After that I changed * to ’ https://### ’ i.e. the website I was trying to call API’s from.
Still getting cross origin error!
Basically, I think the error is with setting cookies, I would like to know how you guys are storing sessions for API calls.