Community

XMLHttpRequest - CORS with Origin is null

XMLHttpRequest - CORS with Origin is null

Anonymous
Not applicable
2,909 Views
6 Replies
Message 1 of 7

XMLHttpRequest - CORS with Origin is null

Anonymous
Not applicable
‎09-18-2015 08:20 AM

Greetings!

 

So I've been trying to create an JS action-script that uses Cross Origin Resource Sharing.  I am using an nginx server and have already created the appropriate headers in my nginx.conf file to allow "access-control-allow-origin: *".  However, when I call the script, I am getting a "access-control-allow-origin origin is null" issue.  Does anyone know what the origin is in Fusion 360?  I have an underlying suspicion that Fusion 360 might be calling from origin: File:///   but I am unsure.  Does anyone have any ideas or suggestions for what I should try out?

0 Likes
Like
Report
Accepted solutions (1)
Solution 1
2,910 Views
6 Replies
Replies (6)
Message 2 of 7

KrisKaplan
Autodesk
Autodesk
‎09-18-2015 09:34 AM

You can verify in the debugger console with 'location.origin' that the origin is indeed 'File://' as the script's html file is opened as a local file in the browser.

 

I'm not sure I have any great suggestions.  The standard ones would be to try JSONP instead.

Or to run your code from a local server instead of file.  You could do this by first running a local server (maybe a simple Python or Node server) to host your script files, and have your main Fusion script use something like "location.href = 'http://localhost:pornum/myscript.html'" to navigate the page to the local server hosted script which will give you a non-null origin.

Or you could do this in a Python script instead (using something like the 'requests' library) where there are no browser security issues.

 

Kris



Kris Kaplan
0 Likes
Like
Report
Message 3 of 7

Anonymous
Not applicable
in reply to KrisKaplan
‎09-18-2015 10:57 AM
I noticed that the origin is indeed : File:// as it is getting called locally from the browser.

I might try the method that you mentioned of using location.href or take the Python approach.

I would take the JSONP approach but it would not allow me to perform a POST. I am trying to post data to a site via CORS. But I will look further into these two suggestions you have provided.

Does Python not have a preflight session when performing CORS related operations?
0 Likes
Like
Report
Message 4 of 7

KrisKaplan
Autodesk
Autodesk
in reply to Anonymous
‎09-18-2015 12:38 PM

CORS is really a web browser specific security protocol.  It does not really apply to requests made outside of a browser's security context, such as from Python running in a desktop application like Fusion.  Of course, you would be free to preflight requests from Python if you wish by directly making the OPTIONS request and interpreting the Access-Control-* headers, but I don't see why you would ever want to do that.

 

Kris



Kris Kaplan
0 Likes
Like
Report
Message 5 of 7

Anonymous
Not applicable
in reply to KrisKaplan
‎09-18-2015 02:16 PM
Oh, I am trying to use CORS so that I can use the script to both export the design as a STEP file and also send it to my site on another domain. Hence, I wanted to look into the options regarding posting a file.
0 Likes
Like
Report
Message 6 of 7

KrisKaplan
Autodesk
Autodesk
in reply to Anonymous
‎09-18-2015 02:23 PM
Accepted solution

CORS is a protocol to bypass the 'same origin' security restriction in web browsers.  A Python script is not bound by any such restrictions, so it would be free to make any direct requests (GET, POST, PUT, DELETE, etc...) without requiring any sort of CORS support by the server.

 

Kris



Kris Kaplan
0 Likes
Like
Report
Message 7 of 7

Anonymous
Not applicable
in reply to KrisKaplan
‎09-18-2015 02:32 PM
Thanks Kris! I'll just use Python then 🙂 Thank you for your help!
0 Likes
Like
Report
Report a website issue