Is it possible to set the HTTP parameter Access-Control-Allow-Origin?
Reason I’m asking is: I’m including results from the API in another HTML page through custom AJAX. It fails if Access-Control-Allow-Origin isn’t set to *. It’s internal only, so security isn’t my concern in this case.
I’m running the built-in webserver, and I’d prefer to keep that for simplicity.
That’s the code inside Octopus itself - we copied and pasted it so you can see exactly what headers Octopus is already setting. This code is running on your Octopus server right now. Have you tried writing your HTML page making the AJAX calls yet? It should already work.
It is possible that Chrome has problems setting up the CORS headers when running this from a local file. Try hosting you file one a webserver (localhost should work i think) and then open it from chrome.
I’m also having problems with this - it looks like the Access-COntrol-Allow-Headers is missing x-octopus-apikey ?
Firefox Developer logs:
This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More] releases
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://deploy01/api/projects/projects-65/releases. (Reason: missing token ‘x-octopus-apikey’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://peg-bendeploy01/api/projects/projects-65/releases. (Reason: CORS request failed).