I’m trying to make an API call from TileBoard. I can make the API call from Postman without an issue, but it doesn’t work due to CORS restrictions when trying to execute in the browser. Basically, it looks like I need to include the Access-Control-Allow-Origin header in my response, but I don’t see any way to include a header. Is this possible?
SSL in tileboard and not in appdaemon?
or the other way around?
or in homeassistant and not in AD?
basicly, if you have ssl active its very hard to get info from 1 server in an page in JS on another.
I’ve got SSL set up properly for both. I get the following error in the Chrome console:
XMLHttpRequest cannot load <api_url>. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin <tileboard_url> is therefore not allowed access.
Like I said, I can send the request from Postman, so it’s not an issue of being able to hit the API. I also tested using a middleman proxy to make the request and that worked as well, but I’d rather avoid that longterm. So, in order to process this request successfully, I’d need to include an ‘Access-Control-Allow-Origin’ header in the data I return.
From what I can tell, it looks like the following line in adapi.py handles responding to an API request:
return web.json_response(ret, status = code)
The json_response function does support including headers so I think this piece of code would have to be updated to account for that.
i think your best bet is to see if anyone in the tileboard section know how to alter your JS.
i have struggled with those kind of stuff before (also trying to connect from HAdashboard to HA or AD)
at some point i found out that i needed to add some settings to the HA config to get that working.
the server must support it. and i am afraid that those settings are not available in AD, so i am not sure if it is at all possible.
its something about a bidirectional contact between the requesting javascript and the server (api server) which must be enabled on the serverside and requested at the JS side.
No worries, I can come up with another way to do what I want to do without using the AppDaemon API. It’ll just be an extra step.
EDIT: I did some digging and it looks like the aiohttp library does not support CORS. There is an aiohttp-cors library that AppDaemon would have to utilize to in order to make this work. https://github.com/aio-libs/aiohttp-cors
