Backendless Console API and error due to Origin

I have enabled the Backendless Console API and successfully made a login request from JavaScript BL, but when I tried to make a login request from my site I received an error:

XMLHttpRequest cannot load https://develop.backendless.com/console/home/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'XXXXX' is therefore not allowed access. The response had HTTP status code 400.

So, what are the rules? From where can I call the Backendless Console API? I tried to set my site in the app's Domain Control, but this had no effect.

Hi Yuriy,

Have you installed the “Console Management API” function pack? If so, what request do you execute when you receive this error?

Regards,

Denys

Yes, by “I have enabled Backendless Console API” I meant that I installed “Admin and Management API access”.
And I have successfully made a login request from JavaScript BL, like so:

// "request" is the npm HTTP client module this snippet relies on
var request = require("request");

// POST the admin credentials as JSON and log the outcome
request.post(
    "http://develop.backendless.com/console/home/login",
    { json: {"login":"XXXXX","password":"XXXX"} },
    function (error, response, body) {
        if (!error && response.statusCode == 200) {
            console.log("body: " + JSON.stringify(body));
            console.log("response: " + JSON.stringify(response));
        } else {
            console.log("error: " + JSON.stringify(error));
        }
    }
);

But then I tried from client JavaScript with something like this:

var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://develop.backendless.com/console/home/login', true);

// Register the handler before sending so that no state change is missed
xhr.onreadystatechange = function (e) {
    console.log(e);
};

xhr.send();

The real JavaScript code uses a 3rd party library for the POST request, but I tried this one with the same result:
XMLHttpRequest cannot load https://develop.backendless.com/console/home/login. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘XXXXXXXX’ is therefore not allowed access. The response had HTTP status code 400.

From what host do you execute the request in the second example?

It’s in browser JavaScript, site domain myglasslink.no

The first case works fine.
If you want more detailed support for this issue, please contact sales@backendless.com

Regards,

Denys

Honestly, your answer sounds like a joke. A bad one. It’s a paid function pack (although a cheap one). It doesn’t even have any mention of documentation; I had to search through the KB and forum in order to get it. Geez. And then I asked a simple question: are there any rules against running API calls from sites? That should be described in the docs!

API calls can be made from any site to the application just by using the applicationId and secretKey headers. Console routes from other sites are available only after installing the fp.
As you have mentioned, the admin login request in the first case successfully returns the auth-key header with a 200 response code. That means the functionality works correctly.
The issue arises when you are using 3rd party libraries, and there is a possibility that there is a problem with the code of that library.

Thanks.
I’m asking just to be sure, because when I see the error “XMLHttpRequest cannot load https://develop.backendless.com/console/home/login. No ‘Access-Control-Allow-Origin’ header is present on the requested resource.” it states that the header is missing on the Backendless side.
My first call worked, yes, but it was run in Backendless BL, so it could just be on the same domain.
As to the 3rd party JavaScript library, I wrote that I tried a simple XMLHttpRequest with the same result.

I just tried it on jsfiddle and it works just fine. There are no CORS errors whatsoever. You can try it at: https://jsfiddle.net/tv961qqf/

That’s weird. I tried this fiddle now and received the same error:
XMLHttpRequest cannot load https://develop.backendless.com/console/home/login. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://fiddle.jshell.net’ is therefore not allowed access.

What browser do you use?

Tried Chrome 50, Firefox 46, IE11, Opera 37 on Windows 8.1.

I am using Chrome 50.0.2661.102 (64-bit), but I am on Mac OS. I do not have Windows 8 handy, but will try on Windows 7. I’ll share the request headers so you can compare and see where the difference is.

I just tried it in Chrome on Windows using jsfiddle and it works.

Here are both the pre-flight and the login requests:

Pre-flight:
http://support.backendless.com/public/attachments/54df442434128babae4761935a0b88d5.jpg

Login:
http://support.backendless.com/public/attachments/8511e40abae9186ea4a8d5de2fbb28b4.jpg

Mark, thank you for spending your time on this.
Well, I’m clueless. I still see this error in the console. Although, I also looked at the network tab and copied the response header manually. And it did contain the auth-key. Are you telling me that this is supposed to work that way? Here is a link to the recorded video:
https://youtu.be/D9bcpmXmtjQ

Hi Yuriy,

Thanks for recording the video. The end result is what you want - an auth-key value which must be present in all subsequent Admin/Management requests.

Do you have access to another computer where you could try the same call?
Also, could you check if the problem occurs for the http:// endpoint URL?

I suspect there is something on your machine that might be getting in the way of a networking call. For example, Cisco AnyConnect (even when it is not running) may impact all CORS requests.

Cheers,
Mark

I tried on another machine (Windows 7), although on the same network, with the same result. HTTP gives the same. I have an antivirus, Kaspersky, but I did disable it for the tests. OK, I’ll try a few other setups, but it looks like I’ll have to stick with calls from BL. Not the worst outcome, thanks anyway.
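
An added example, not part of the thread and not Backendless code: a simplified model of the checks a browser applies to a cross-origin JSON POST. It shows why a response can be visible in the network tab yet blocked from script, and when a response header such as auth-key becomes readable. The origin, header values and sample responses are constructed assumptions, and only non-credentialed requests are modelled.

```javascript
// Simplified model of a browser's CORS checks for a non-credentialed XHR.
// Header maps use lower-case names; every sample message below is constructed.
const SIMPLE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFE_RESPONSE_HEADERS = ["cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma"];
const list = (v) => (v || "").toLowerCase().split(",").map((s) => s.trim()).filter(Boolean);

function nonSimpleType(req) {
  const type = (req.headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  return type !== "" && !SIMPLE_TYPES.includes(type);
}

function needsPreflight(req) {
  return !["GET", "HEAD", "POST"].includes(req.method) || nonSimpleType(req);
}

function originAllowed(origin, res) {
  const acao = res.headers["access-control-allow-origin"];
  return acao === "*" || acao === origin;
}

function corsVerdict(origin, req, preflightRes, res) {
  if (needsPreflight(req)) {
    // Access-Control-Allow-Methods is not modelled: the request here is a POST.
    const ok = preflightRes && preflightRes.status >= 200 && preflightRes.status < 300;
    if (!ok || !originAllowed(origin, preflightRes)) return { blocked: "preflight", readable: [] };
    const allowed = list(preflightRes.headers["access-control-allow-headers"]);
    const typeOk = allowed.includes("content-type") || allowed.includes("*");
    if (nonSimpleType(req) && !typeOk) return { blocked: "preflight", readable: [] };
  }
  // From here on the server has already received and answered the real request.
  if (!originAllowed(origin, res)) return { blocked: "response", readable: [] };
  const exposed = list(res.headers["access-control-expose-headers"]);
  const readable = Object.keys(res.headers).filter(
    (h) => SAFE_RESPONSE_HEADERS.includes(h) || exposed.includes(h) || exposed.includes("*"));
  return { blocked: null, readable };
}

// Constructed messages: a JSON login POST sent from a page on another origin.
const ORIGIN = "https://site.example";
const loginReq = { method: "POST", headers: { "content-type": "application/json" } };
const preflightOk = { status: 200, headers: { "access-control-allow-origin": ORIGIN,
  "access-control-allow-headers": "content-type" } };
const bare400 = { status: 400, headers: { "content-type": "application/json" } };
const okNoExpose = { status: 200, headers: { "access-control-allow-origin": ORIGIN, "auth-key": "CONSTRUCTED" } };
const okExposed = { status: 200, headers: { ...okNoExpose.headers, "access-control-expose-headers": "auth-key" } };

for (const res of [bare400, okNoExpose, okExposed]) {
  console.log(res.status, JSON.stringify(corsVerdict(ORIGIN, loginReq, preflightOk, res)));
}
```

Comparing the two screenshots of request and response headers shared earlier in the thread against these checks is the quickest way to see which step a given browser is rejecting.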