FREE DOWNLOAD MANAGER
All the ideas and discussions
Add Access-Control-Allow-Origin to Remote Server
Hi!
I've been playing with your FDM Remote Server and trying to work out ways of remotely queuing downloads on my HTPC. e.g. I want FDM on my HTPC, and a browser extension that injects context menu option to remotely queue the download to FDM on my HTPC. However in trying to get a custom Chrome extension going, I noticed the popup that I was trying to pull the queue status into wasn't loading. Here's the Chrome error just for the sake of it:
Code:
Failed to load resource: the server responded with a status of 401 (Authorization Required) http://192.168.1.28:8081/
XMLHttpRequest cannot load http://192.168.1.28:8081/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://mdaoifngjmilepkbdicgkbboacfpidag' is therefore not allowed access. status.html:1
Uncaught NetworkError: A network error occurred.
Here's the ajax request:
Code:
var status = "http://192.168.1.28:8081/";
var completed = "http://192.168.1.28:8081/compdlds.req";
var username = "test";
var password = "test";
window.addEventListener("load", function() {
xmlhttp = new XMLHttpRequest();
xmlhttp.open("GET", status, false, username, password);
xmlhttp.send(null);
if (xmlhttp.status == 200) {
var data = xmlhttp.responseTest;
document.body.innerHTML(data);
console.log(data);
} else {
document.body.innerHTML("Failed to load the data !");
}
});
The resonse for the error is because FDM Remote Service doesn't include the "Access-Control-Allow-Origin" in its HTTP header responses. It makes life difficult for a Web app to remotely access the server in general. This is naturally a non-issue if the Web app is being served from the same domain/IP address as FDM. Here's a good description of this feature: (its not FireFox specific) https://developer.mozilla.org/en/docs/H ... ntrol_CORS
So, I'm suggestion/asking that you add:
Access-Control-Allow-Origin: *
:to the Remote Server's HTTP responses.
You could make it an optional setting, like a string to lock the cross domain down. (think of it as another layer of access control in this instance)
If you did, it would make it much easier to work with the service from a browser extension or general web app.
Please and thank you!