INTERACT FORUM
More => Old Versions => JRiver Media Center 20 for Windows => Topic started by: rlebrette on August 12, 2014, 10:19:34 am
-
This is a very simple request to implement.
Until now, all the webservices provided by JRiver are not usable via AJAX from a page hosted on another webserver.
This is due to the cross-domain limitations.
The modern web browsers are supporting CORS mechanism (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
It allows any page from another domain to do an AJAX call if it's explicitly allowed by the webservices.
It would be sufficient to add the HTTP header "Access-Control-Allow-Origin" to the response issued by MC as soon as the request contains the HTTP header "Origin".
Since all services are already secured by the user/password, this could be set to allow any website with the following statement:
Access-Control-Allow-Origin: *
This would help a lot to write web applications interacting with JRiver.
-
"Access-Control-Allow-Origin: *" is already being sent today in MC19 for all MCWS calls.
This was required for ChromeCast to be able to interact with MC for video streaming.
-
"Access-Control-Allow-Origin: *" is already being sent today in MC19 for all MCWS calls.
This was required for ChromeCast to be able to interact with MC for video streaming.
It was not the case last time I've checked, and since ChromeCast support's is quite new, I've not checked again.
That's cool!
Thanks Hendrik
-
And it was not in the release notes! ;)
-
Sure was!
19.0.129 (4/17/2014)
5. SDK: The MCWS web service responses set a CORS "Access-Control-Allow-Origin" header.
-
I've to change my glasses... ;D
-
I've done several tests and all are failing, is there something specific to set in MC or a specific URL to call to initiate the connection?
What ever I do I get:
XMLHttpRequest cannot load http://my-jrmc-server:52199/MCWS/v1/Authenticate. No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://my-web-server:8080' is therefore not allowed access.
And everything seems ok in the headers,
Accept:application/xml, text/xml, */*; q=0.01
Cache-Control:no-cache
Content-Type:text/plain
Origin:http://my-web-server:8080
Pragma:no-cache
Referer:http://my-web-server:8080/#
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
When adding withCredentials to the Ajax request the message is different:
XMLHttpRequest cannot load http://my-jrmc-server:52199/MCWS/v1/Authenticate. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.
Origin 'http://my-web-server:8080' is therefore not allowed access.
-
This still does not work in the MAC version. Not sure about the windows version ? any update ?
-
Reviving this topic since I'm hitting the same problem as rlebrette.
Returning Access-Control-Allow-Origin = * works only if MCWS authentication is turned off. If you turn authentication on, preflight mode is required by all browsers.
This means MCWS needs to support OPTIONS requests, see http://www.html5rocks.com/en/tutorials/cors/ (http://www.html5rocks.com/en/tutorials/cors/) and http://enable-cors.org/server.html (http://enable-cors.org/server.html). Not that complicated, but still quite ugly.
I have a minimal Javascript test page for this if you're interested.
For my application (a [free] web-based classical music tagger for MC, still in its early infancy), I need authentication to be able to do File/SetInfo. I see the following options:
- 1. Use a local or remote web server to serve my app, and I then need full CORS support (i.e. with preflight). Clean, but requires non-negligible work by the JRiver team., I was doing this until I ran into the CORS issue...
- 2. Use MC itself as the web server (I only need static web pages). This completely runs around the CORS issue, which is nice. The problem is that AFAIK there is no official place to drop files served by the MC web server. I am currently highjacking a subdirectory of Gizmo, but that's not a sustainable solution. This would require some new setting to point the MC web server to a non-JRiver folder.
Ideally, I would like to see both (1) and (2) happen. I'll be happy to get either (1) or (2). Any other approaches coming to mind?
-
Supporting an OPTIONS CORS request shouldn't be that much effort, the basics of it look pretty simple.
If you can give me that sample to test if the browser accepts it, I'll see what I can do.
-
Thanks for looking into it.
My quick-and-dirty test page is attached. It just does an MCWS Authenticate request. If that works, everything else should be fine...
I have only checked it on Chrome, but it should be browser-independent (famous last words).
-
Side note. Highjacking the internal MC web server at 52199 by installing my test web page under the Gizmo directory does get around the CORS issue, as expected. Not a usable long-term solution since stuff there could be wiped out by any MC update, but good enough for development & testing.
-
Just wondering if there was any follow up on this? I'm running into the same issue trying to write a simple javascript app that lets me write tags back to the DB.