Solved: XMLHttpRequest - CORS with Origin is null

Anonymous · ‎09-18-2015

Greetings!

So I've been trying to create an JS action-script that uses Cross Origin Resource Sharing. I am using an nginx server and have already created the appropriate headers in my nginx.conf file to allow "access-control-allow-origin: *". However, when I call the script, I am getting a "access-control-allow-origin origin is null" issue. Does anyone know what the origin is in Fusion 360? I have an underlying suspicion that Fusion 360 might be calling from origin: File:/// but I am unsure. Does anyone have any ideas or suggestions for what I should try out?

KrisKaplan · ‎09-18-2015

You can verify in the debugger console with 'location.origin' that the origin is indeed 'File://' as the script's html file is opened as a local file in the browser.

I'm not sure I have any great suggestions. The standard ones would be to try JSONP instead.

Or to run your code from a local server instead of file. You could do this by first running a local server (maybe a simple Python or Node server) to host your script files, and have your main Fusion script use something like "location.href = 'http://localhost:pornum/myscript.html'" to navigate the page to the local server hosted script which will give you a non-null origin.

Or you could do this in a Python script instead (using something like the 'requests' library) where there are no browser security issues.

Kris

Kris Kaplan

Anonymous · ‎09-18-2015

I noticed that the origin is indeed : File:// as it is getting called locally from the browser.

I might try the method that you mentioned of using location.href or take the Python approach.

I would take the JSONP approach but it would not allow me to perform a POST. I am trying to post data to a site via CORS. But I will look further into these two suggestions you have provided.

Does Python not have a preflight session when performing CORS related operations?

KrisKaplan · ‎09-18-2015

CORS is really a web browser specific security protocol. It does not really apply to requests made outside of a browser's security context, such as from Python running in a desktop application like Fusion. Of course, you would be free to preflight requests from Python if you wish by directly making the OPTIONS request and interpreting the Access-Control-* headers, but I don't see why you would ever want to do that.

Kris

Kris Kaplan

Anonymous · ‎09-18-2015

Oh, I am trying to use CORS so that I can use the script to both export the design as a STEP file and also send it to my site on another domain. Hence, I wanted to look into the options regarding posting a file.

KrisKaplan · ‎09-18-2015

CORS is a protocol to bypass the 'same origin' security restriction in web browsers. A Python script is not bound by any such restrictions, so it would be free to make any direct requests (GET, POST, PUT, DELETE, etc...) without requiring any sort of CORS support by the server.

Kris

Kris Kaplan

Anonymous · ‎09-18-2015

Thanks Kris! I'll just use Python then 🙂 Thank you for your help!

FUSION

XMLHttpRequest - CORS with Origin is null

XMLHttpRequest - CORS with Origin is null

Forums Links

Post to forums