INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: [REQ] Make MCWS CORS compliant  (Read 5050 times)

rlebrette

  • Guest
[REQ] Make MCWS CORS compliant
« on: August 12, 2014, 10:19:34 am »

This is a very simple request to implement.

Until now, all the webservices provided by JRiver are not usable via AJAX from a page hosted on another webserver.
This is due to the cross-domain limitations.
The modern web browsers are supporting CORS mechanism (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
It allows any page from another domain to do an AJAX call if it's explicitly allowed by the webservices.

It would be sufficient to add the HTTP header "Access-Control-Allow-Origin" to the response issued by MC as soon as the request contains the HTTP header  "Origin".
Since all services are already secured by the user/password, this could be set to allow any website with the following statement:

Code: [Select]

Access-Control-Allow-Origin: *


This would help a lot to write web applications interacting with JRiver.
Logged

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10942
Re: [REQ] Make MCWS CORS compliant
« Reply #1 on: August 12, 2014, 10:21:03 am »

"Access-Control-Allow-Origin: *" is already being sent today in MC19 for all MCWS calls.
This was required for ChromeCast to be able to interact with MC for video streaming.
Logged
~ nevcairiel
~ Author of LAV Filters

rlebrette

  • Guest
Re: [REQ] Make MCWS CORS compliant
« Reply #2 on: August 12, 2014, 10:23:42 am »

"Access-Control-Allow-Origin: *" is already being sent today in MC19 for all MCWS calls.
This was required for ChromeCast to be able to interact with MC for video streaming.

It was not the case last time I've checked, and since ChromeCast support's is quite new, I've not checked again.
That's cool!

Thanks Hendrik
Logged

rlebrette

  • Guest
Re: [REQ] Make MCWS CORS compliant
« Reply #3 on: August 12, 2014, 10:25:16 am »

And it was not in the release notes! ;)
Logged

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10942
Re: [REQ] Make MCWS CORS compliant
« Reply #4 on: August 12, 2014, 10:26:14 am »

Sure was!

Quote
19.0.129 (4/17/2014)

5. SDK: The MCWS web service responses set a CORS "Access-Control-Allow-Origin" header.
Logged
~ nevcairiel
~ Author of LAV Filters

rlebrette

  • Guest
Re: [REQ] Make MCWS CORS compliant
« Reply #5 on: August 12, 2014, 10:33:06 am »

I've to change my glasses...  ;D
Logged

rlebrette

  • Guest
Re: [REQ] Make MCWS CORS compliant
« Reply #6 on: August 13, 2014, 04:21:31 pm »

I've done several tests and all are failing, is there something specific to set in MC or a specific URL to call to initiate the connection?

What ever I do I get:

Code: [Select]
XMLHttpRequest cannot load http://my-jrmc-server:52199/MCWS/v1/Authenticate. No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://my-web-server:8080' is therefore not allowed access.

And everything seems ok in the headers,

Code: [Select]
Accept:application/xml, text/xml, */*; q=0.01
Cache-Control:no-cache
Content-Type:text/plain
Origin:http://my-web-server:8080
Pragma:no-cache
Referer:http://my-web-server:8080/#
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

When adding withCredentials to the Ajax request the message is different:

Code: [Select]
XMLHttpRequest cannot load http://my-jrmc-server:52199/MCWS/v1/Authenticate. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.
Origin 'http://my-web-server:8080' is therefore not allowed access.
Logged

rafverhoogen

  • Junior Woodchuck
  • **
  • Posts: 52
Re: [REQ] Make MCWS CORS compliant
« Reply #7 on: February 24, 2015, 08:15:24 am »

This still does not work in the MAC version. Not sure about the windows version ? any update  ?
Logged

tiberiuspv

  • Recent member
  • *
  • Posts: 49
Re: [REQ] Make MCWS CORS compliant
« Reply #8 on: June 12, 2015, 12:14:06 am »

Reviving this topic since I'm hitting the same problem as rlebrette.
Returning Access-Control-Allow-Origin = * works only if MCWS authentication is turned off. If you turn authentication on, preflight mode is required by all browsers.
This means MCWS needs to support OPTIONS requests, see http://www.html5rocks.com/en/tutorials/cors/ and http://enable-cors.org/server.html. Not that complicated, but still quite ugly.
I have a minimal Javascript test page for this if you're interested.

For my application (a [free] web-based classical music tagger for MC, still in its early infancy), I need authentication to be able to do File/SetInfo. I see the following options:
  • 1. Use a local or remote web server to serve my app, and I then need full CORS support (i.e. with preflight). Clean, but requires non-negligible work by the JRiver team., I was doing this until I ran into the CORS issue...
  • 2. Use MC itself as the web server (I only need static web pages). This completely runs around the CORS issue, which is nice. The problem is that AFAIK there is no official place to drop files served by the MC web server. I am currently highjacking a subdirectory of Gizmo, but that's not a sustainable solution. This would require some new setting to point the MC web server to a non-JRiver folder.

Ideally, I would like to see both (1) and (2) happen. I'll be happy to get either (1) or (2). Any other approaches coming to mind?
Logged

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10942
Re: [REQ] Make MCWS CORS compliant
« Reply #9 on: June 12, 2015, 05:24:43 am »

Supporting an OPTIONS CORS request shouldn't be that much effort, the basics of it look pretty simple.
If you can give me that sample to test if the browser accepts it, I'll see what I can do.
Logged
~ nevcairiel
~ Author of LAV Filters

tiberiuspv

  • Recent member
  • *
  • Posts: 49
Re: [REQ] Make MCWS CORS compliant
« Reply #10 on: June 12, 2015, 10:28:50 am »

Thanks for looking into it.
My quick-and-dirty test page is attached. It just does an MCWS Authenticate request. If that works, everything else should be fine...
I have only checked it on Chrome, but it should be browser-independent (famous last words).
Logged

tiberiuspv

  • Recent member
  • *
  • Posts: 49
Re: [REQ] Make MCWS CORS compliant
« Reply #11 on: June 14, 2015, 09:10:11 pm »

Side note. Highjacking the internal MC web server at 52199 by installing my test web page under the Gizmo directory does get around the CORS issue, as expected. Not a usable long-term solution since stuff there could be wiped out by any MC update, but good enough for development & testing.
Logged

philosowaffle

  • Member
  • *
  • Posts: 4
Re: [REQ] Make MCWS CORS compliant
« Reply #12 on: November 27, 2015, 08:34:09 am »

Just wondering if there was any follow up on this?  I'm running into the same issue trying to write a simple javascript app that lets me write tags back to the DB.
Logged
Pages: [1]   Go Up