glot-run icon indicating copy to clipboard operation
glot-run copied to clipboard

Published 20 hours ago verified publisher icon prasmussen

CORS issue

Open itaditya opened this issue 7 years ago • 10 comments

Hi I'm unable to make an AJAX request to glot.io. I keep getting this error.

Failed to load https://run.glot.io/languages/python/latest: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 405.

itaditya avatar Oct 18 '17 10:10 itaditya

Hi I am not able to call https://run.glot.io/languages/python/latest in Angular 5 application it gives following error.

Failed to load https://run.glot.io/languages/python/latest: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 405. screenshot 226

alokshakya avatar Apr 10 '18 18:04 alokshakya

Yeah, CORS is not supported at this time. I'm currently working on a new version of the api where I will consider allowing it. It will take at least a couple of months before the new api is ready though.

prasmussen avatar Apr 10 '18 19:04 prasmussen

So we can't run code in glot from localhost? Is there a workaround for that?

sbstnssndn avatar Jun 15 '18 17:06 sbstnssndn

Create a backend server. From your frontend send a request to the server and from the server make a request to glot. For a working implementation check out https://github.com/itaditya/Code-Runner

itaditya avatar Jun 15 '18 18:06 itaditya

Aaah I see, thanks. Sorry, why does this work? I thought if a request didn't work from the front, it wouldn't work from the back either.

sbstnssndn avatar Jun 15 '18 18:06 sbstnssndn

A request sent from browser i.e. Ajax is different from what is sent by the server. Since the request on the client side can be tampered by bad actors, it is less secure that is why cors exist to prevent sending requests from client side. Many Payment gateways also accept request from server only

itaditya avatar Jun 16 '18 06:06 itaditya

is this fixed @prasmussen

sanjayme97 avatar Apr 13 '20 09:04 sanjayme97

@sanjayme97 This might help you. https://github.com/Rob--W/cors-anywhere

chumaumenze avatar May 10 '20 01:05 chumaumenze

@prasmussen, I see some unused code for CORS https://github.com/prasmussen/glot-run/blob/master/apps/glot/src/http/http_util.erl#L72-L83

Would you accept a PR?

ten0s avatar May 11 '20 17:05 ten0s

@prasmussen, I see some unused code for CORS https://github.com/prasmussen/glot-run/blob/master/apps/glot/src/http/http_util.erl#L72-L83

Would you accept a PR?

Sorry, but I won't do any changes to the current version in regards to CORS

prasmussen avatar May 11 '20 17:05 prasmussen