Media Server, API, Missing Header Entry

[DetlefM]

I try to write a javascript application to access the web api from Mediaserver (like Electron).

Unlike other programming languages javascript restricts the requests to cross origin web services.

Only if cross origin calls are allowed from the website they are done from the javascript engine..

The Webservice can allow this access by send a header entry like 'Access-Control-Allow-Origin', '*''.

Today I get around with a small proxy server who adds this header to every requests - which is fine in development stage but not really fine for deployment.

I  havn't really understand what kind of Access Control is possible but I think for a local server like the DVB MediaServer to allow every access is ok because it is also possible with every other programming language.

 

see also https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

 

I have attached my  mini python server and a html page for testing. Please use firefox or chrome. The steps are :

Install python3 if not already on your machine, edit pyproxy.py and dvbtest.html with the correct address of the media server (my media server is on 192.168.0.108) and start it with python pyproxy.py

Afterwards you can open the html file dvbtest.html with firefox or chrome - Edge didn't work. I think I must provide for Edge something to the request to make a cross origin call.

The html files a correct result from the pyproxy.py and no result from the original server.

test.zip

Edited May 29, 2017 by DetlefM
Additional information

[Griga]

We (Tjod and me) had a short internal discussion about this matter. Will be looked after. Sooner or later... the main shortage here is time.

[DetlefM]

Take time, during my development there might be other issues I will find.

I will create new topics/questions/requests as it pops up for me. And when finally I came to a solution which can be tested there is the time to look over all "feature requests".