Configuring Cross-Origin Request Domains
For example, if you’re doing development locally on a server running on port 3449, and you intend your live application to be hosted at https://my.company.com/, your Allowed Domains list should include these:
In groov Build, your configuration would look like this:
Be sure to click Save Settings at the top of the Project Settings panel for changes here to take effect!
Note that you only need to include a port number if your web server is running on a nonstandard port, and you need to include the protocol (https) as well. The actual URL of your application is not included.
Note: groov does not support wildcard CORS access. You’ll need to explicitly list each domain that you trust to make requests to your groov instance.
There are several reasons that requests to groov from within a webpage may fail, and it’s not always possible to tell them apart from within your application. Some common ones you may run into are:
HTTP 401 responses
These mean groov didn’t find or recognize an API key in your request.
HTTP 403 responses
These mean groov did find and recognize your API key, but the user attached to that API key wasn’t authorized to make that request. For example, the Data Store API is currently only accessible to users with the Editor or Administrator role.
HTTP 404 responses
This means your URL was wrong. You might have the wrong endpoint entirely, or if it’s an endpoint that includes a parameter (reading a Data Store tag’s value, for example), you may have used an identifier that doesn’t exist in your project.
In some cases, your XMLHttpRequest’s error handler will be called, instead of your handler. This usually means that the browser blocked the request, and you’ll have to look
- The browser couldn’t find the server you’re making a request to. Is your hostname correct?
- The browser didn’t recognize the SSL certificate on the server you’re making a request to. If you use a self-signed certificate on your groov instance, you’ll need to make sure that any browser you want to connect to it from trusts the certificate.
As a concrete example of the latter CORS error, this is what Firefox shows when a request is made from a server not included in the CORS whitelist:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://ar1.mycompany.com/api/v1/data-store/tags. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
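The failure cases above can be told apart in code only as far as the browser allows. The following is an added example, not part of groov's documentation or API: it maps the 401, 403 and 404 cases to hints and, when the error handler fires, lists what to check, including the exact Allowed Domains entry for the calling page. The names allowedDomainEntry and watchRequest and the hint wording are assumptions of this example.

```javascript
// Entry for the Allowed Domains list: protocol + host (+ port only when
// nonstandard), without the page's path. URL.origin drops default ports.
function allowedDomainEntry(pageUrl) {
  return new URL(pageUrl).origin;
}

// Hints for the HTTP statuses described above (wording is this example's).
const STATUS_HINTS = {
  401: 'no API key found or recognized in the request',
  403: 'API key recognized, but its user is not authorized for this request',
  404: 'wrong endpoint, or an identifier that does not exist in the project',
};

// Attach to an XMLHttpRequest before send(); report(diagnosis) gets the result.
function watchRequest(xhr, pageUrl, report) {
  xhr.addEventListener('load', () => {
    // A response arrived and the browser let the page read it.
    const ok = xhr.status >= 200 && xhr.status < 300;
    report({
      kind: ok ? 'ok' : 'http',
      status: xhr.status,
      hint: ok ? null : STATUS_HINTS[xhr.status] || 'unexpected HTTP status',
    });
  });
  xhr.addEventListener('error', () => {
    // No readable response: script cannot see why, so list what to check.
    report({
      kind: 'blocked',
      status: xhr.status, // 0 in browsers for a blocked or failed request
      hint: 'see the browser console for the actual reason',
      checks: [
        'hostname of the groov instance is correct',
        'browser trusts the certificate on the groov instance',
        'Allowed Domains contains exactly: ' + allowedDomainEntry(pageUrl),
      ],
    });
  });
}

// Browser usage (URL taken from the error message above):
// const xhr = new XMLHttpRequest();
// xhr.open('GET', 'https://ar1.mycompany.com/api/v1/data-store/tags');
// // add your API key here the way your groov API calls already do
// watchRequest(xhr, window.location.href, console.log);
// xhr.send();
```

Because groov does not support wildcards, the entry in the last check has to appear in Allowed Domains exactly as printed.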