CORS Update

simPRO API Announcements

Post by PremMarkeli » Tue Oct 04, 2022 8:17 pm

CORS Update
As part of our security audits we have made the decision to disable cross-origin resource sharing. To date, when a call is made to the API, we have responded back with Access-Control-Allow-Origin: *. This means a web page has been able to make a cross-domain call to the API and a response would be given. On Monday 17th of October we will be disabling this ability and you will instead receive "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at $somesite".

Will this affect me?
If you are making calls to the API via an XMLHttpRequest, for example using JavaScript, you will get this error. Server-to-server calls, such as with CURL, will not be affected.

What should I do if I am doing these calls?
You will need to update your code to make the calls from your server, such as via CURL, rather than making the calls to the API using XMLHttpRequests. So in the case of JavaScript, you would change your request so that the XMLHttpRequest goes to your server; your server would then make a call to the simPRO API and return that response back to your XMLHttpRequest.

For more information on CORS please see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Prem
API Developer | Simpro Software Group
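
The server-side relay described in the post above, as an added example that is not part of the original post and is not simPRO code. The upstream base URL, the Bearer authorization scheme, the token handling and the resource allowlist are all placeholder assumptions; the point is that the credential stays on your server and the browser can only reach the paths and methods you choose to relay.

```javascript
// Added example (assumptions throughout): relay logic your own server runs so the
// browser talks only to your origin and never holds the API credential.
const UPSTREAM_BASE = "https://api.example.invalid/v1/"; // placeholder, not a real endpoint
const ALLOWED_METHODS = new Set(["GET"]);                // relay read-only calls only
const ALLOWED_PREFIXES = ["jobs/", "customers/"];        // hypothetical resource names

// Validate what the browser asked for and build the server-to-server request.
// Returns { url, init } on success or { error: <HTTP status> } on rejection.
function buildUpstreamRequest(method, clientPath, token) {
  if (!ALLOWED_METHODS.has(method)) return { error: 405 };
  // Plain relative paths only: no dots (blocks ../), no scheme, no query, no leading slash.
  if (!/^[A-Za-z0-9_\-\/]+$/.test(clientPath) || clientPath.startsWith("/")) {
    return { error: 400 };
  }
  if (!ALLOWED_PREFIXES.some((p) => clientPath.startsWith(p))) return { error: 403 };
  const url = new URL(clientPath, UPSTREAM_BASE);
  // Defence in depth: the resolved URL must still sit under the upstream base.
  if (!url.href.startsWith(UPSTREAM_BASE)) return { error: 400 };
  return {
    url: url.href,
    init: {
      method,
      // The token is read server-side (e.g. from configuration), never sent to the page.
      headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
    },
  };
}

// Perform the relay. fetchImpl is injectable so the logic can be exercised offline.
async function relay(method, clientPath, token, fetchImpl = fetch) {
  const req = buildUpstreamRequest(method, clientPath, token);
  if (req.error) return { status: req.error, headers: {}, body: "" };
  const res = await fetchImpl(req.url, req.init);
  // No Access-Control-Allow-Origin header is set: the page and this relay share an
  // origin, so the browser's same-origin policy is satisfied without CORS.
  return {
    status: res.status,
    headers: { "Content-Type": "application/json" },
    body: await res.text(),
  };
}
```

Mount `relay` behind your application's own session check so that only your signed-in users can trigger upstream calls.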