Announcement

Collapse
No announcement yet.

Lms cors

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Lms cors

    > Wow that was quick, I'll try it out. Thanks!

    Does it work for you?


    --

    Michael
    Scott Kramer

    #2
    LMS CORS Access-Control-Allow-Origin

    Click image for larger version

Name:	Screen Shot 2018-07-30 at 6.18.33 AM.png
Views:	1
Size:	160.7 KB
ID:	1564795

    Hello,

    I can't call the LMS api direct from javascript (browser) --> any chance the required header(s) (Access-Control-Allow-Origin) could be added to the LMS server responses?

    *Feature Request

    Thanks!!
    Scott
    Last edited by sckramer; 2018-07-30, 11:42.
    Scott Kramer

    Comment


      #3
      Lms cors

      > I can't call the LMS api direct from javascript (browser) --> any chance
      > the required header(s) (Access-Control-Allow-Origin) could be added to
      > the LMS server responses?


      I'm not saying this is going or not going to happen. But I see an
      increased interest in this... added it to my list.

      --

      Michael
      Michael

      "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
      (LMS: Settings/Information)

      Comment


        #4
        Lms cors

        > I can't call the LMS api direct from javascript (browser) --> any chance
        > the required header(s) (Access-Control-Allow-Origin) could be added to
        > the LMS server responses?


        Could you please provide me with a very simple test page which would be
        using this?

        --

        Michael
        Michael

        "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
        (LMS: Settings/Information)

        Comment


          #5
          Sure!

          Working on it now--

          Thank You
          Scott Kramer

          Comment


            #6
            Here you go... just type in your lms ip address, hit enter.

            ---> lms CORS api test

            Best to have dev tools / console open to see the CORS messages (not sure how to capture those yet for the ui)

            To test the successful case (and make the output examples), had to set up a web server along side LMS on the same server, matching ip addresses let it work.

            Click image for larger version

Name:	Untitled.png
Views:	1
Size:	137.7 KB
ID:	1564798
            Last edited by sckramer; 2018-07-30, 22:27.
            Scott Kramer

            Comment


              #7
              Like this? :-)

              Click image for larger version

Name:	Bildschirmfoto 2018-07-30 um 23.29.13.png
Views:	1
Size:	100.2 KB
ID:	1564799

              I did try to implement this during a train ride... needs some more work, but I'm getting close. Much to my surprise I never got the OPTIONS call.
              Michael

              "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
              (LMS: Settings/Information)

              Comment


                #8
                Lms cors

                Please give it a try... next builds should have it.
                Settings/Advanced/Security

                --

                Michael
                Michael

                "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
                (LMS: Settings/Information)

                Comment


                  #9
                  Originally posted by mherger View Post
                  Like this? :-)

                  I did try to implement this during a train ride... needs some more work, but I'm getting close. Much to my surprise I never got the OPTIONS call.
                  Haha, NICE!

                  OPTIONS comes up if Content-Type is set to application/json -- 405 method not allowed (I had it set text/plain).

                  Updated the test with a selector for that.

                  Click image for larger version

Name:	Screen Shot 2018-07-31 at 8.01.00 AM.png
Views:	1
Size:	140.6 KB
ID:	1564800
                  Scott Kramer

                  Comment


                    #10
                    Originally posted by mherger View Post
                    Please give it a try... next builds should have it.
                    Settings/Advanced/Security

                    --

                    Michael
                    Wow that was quick, I'll try it out. Thanks!

                    PS. was writing up my last post and you replied during!
                    Last edited by sckramer; 2018-07-31, 15:57.
                    Scott Kramer

                    Comment


                      #11
                      It works perfectly.

                      Tested windows, mac, and piCorePlayer --> that can now use LMS nightlies!

                      Thank You
                      Attached Files
                      Last edited by sckramer; 2018-08-03, 17:23.
                      Scott Kramer

                      Comment


                        #12
                        Click image for larger version

Name:	Screen Shot 2019-07-23 at 11.51.22 AM.jpg
Views:	1
Size:	118.5 KB
ID:	1566696




                        Just FYI in case someone would like to play with this, you can load in your LMS library (into local browser indexedDB) and then search it locally (very quick fuzzy realtime, 50K+ tracks etc) -- also when in titles view you can play the song directly in the browser.

                        (remember you have to add the url into the cors allowed list) If it's working correctly you should get a blue response from serverstatus:
                        Attached Files
                        Last edited by sckramer; 2019-07-26, 01:05.
                        Scott Kramer

                        Comment


                          #13
                          Release Notes

                          //10-26-2018 0.5 SCK albums list
                          //07-20-2019 0.6 SCK browser audio (now playing)
                          //07-25-2019 SCK 2019.2 rescan funcs, coverart roughed in (songinfo/folder) note: keep pressing go for example, save lms ip, misc autoload, links (control/search), safari audio not working
                          //07-31-2019 SCK 2019.2a fix safari audio


                          Last edited by sckramer; 2019-07-31, 19:15.
                          Scott Kramer

                          Comment


                            #14
                            Hi, I can only get http://www.clevelanddata.com/ working is I disable the security features in Chrome. I am running on Windows and running LMS 7.9.2. In the dev tools I see:

                            Code:
                            {"id":1,"method":"slim.request","params":["-",["serverstatus","-",100,"tags:GPASIediqtymkovrfijnCYXRTIuwxNlasc"]]}                                                api.min.js:1
                            text                                                                                                                                                                                                                                 api.html:1
                                    
                            Access to XMLHttpRequest at 'http://ZZZZ:[email protected]:9000/jsonrpc.js' from origin 'http://www.clevelanddata.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
                                                                                                                                                                                                                                                                  api.min.js:1
                            DONE 0                                                                                                                                                                                                                         api.min.js:1
                            REJECT 0                                                                                                                                                                                                                     api.min.js:1
                            [error] XMLHttpRequest {readyState: 4, timeout: 0, withCredentials: false, upload: XMLHttpRequestUpload, onreadystatechange: ƒ, …}               api.min.js:1
                            
                            POST http://ZZZZ:[email protected]:9000/jsonrpc.js net::ERR_FAILED
                            (anonymous)             @ api.min.js:1
                            post                           @ api.min.js:1
                            go                              @ api.min.js:1
                            (anonymous)             @ api.min.js:1
                            dispatch                    @ jquery-3.4.1.slim.min.js:2
                            v.handle                    @ jquery-3.4.1.slim.min.js:2​
                            When I try to make my own call using
                            Code:
                            fetch
                            I get the following:

                            Code:
                            Access to XMLHttpRequest at 'http://ZZZZ:[email protected]:9000/jsonrpc.js' from origin 'http://localhost:8001' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
                            Which I believe is related.

                            Both work fine with when chrome is run like this
                            Code:
                            .\chrome.exe --user-data-dir="C:\Users\xxxx\Documents\my\data" --disable-web-security
                            - but only when the appropriate URLs are added to the CORS ALLOWED HOSTS section on the LMS.

                            Any clues as to if this is:
                            a) a bug?
                            b) I am doing something wrong?
                            c) I need to upgrade LMS to a later version of the server?

                            Comment


                              #15
                              Is this website doing the call on a backend or in the browser? If the latter, then you’re exposing credentials to access your LMS in the public.
                              Michael

                              "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
                              (LMS: Settings/Information)

                              Comment

                              Working...
                              X