I think your code to send the token is faulty. I see this:
Authorization: Bearer [object Object]
I've changed the server code to send the CORS headers. If you let me
know what platform you are using I'll send you a binary.
73,
John
On 06/10/2024 19:38, Rik M7GMT wrote:
toggle quoted message
Show quoted text
That's very strange, John. I've attached a couple of
screenshots of the Firefox developer console, and a .har file
which you can import into your own browser console so that you
can click around on the various requests and see details for
yourself.
?
You can see that the request to /api/request_token
succeeds and I get a token in the response. This token is then
supplied as part of the request to /api/nodes,
but this fails with a CORS error: Cross-Origin
Request Blocked: The Same Origin Policy disallows reading the
remote resource at .
(Reason: CORS preflight response did not succeed). Status
code: 403.
?
It doesn't make much sense to have an open API if it's only
usable from pages served by BPQ itself, so I would suggest
allowing any origin, rather than relying on pages to be served
by BPQ. As I mentioned earlier, this will only affect browsers
as other tools like NodeJS and Python don't actually bother
checking or obeying CORS rules anyway.
