Netduma R1 sending POST and GET requests through JSON

[ByMgRs]

Hey all!

 

This is going to be a question more aimed at web designers/anyone who are knowledgeable about CORS. I wanted to have a look into developing a simple webpage that I could use to update settings on my R1 such as changing Strict mode, radius and ping etc. I tried simply using a jQuery ajax request which I expected would fail. As a response I received:

XMLHttpRequest cannot load http://R1ipwouldbehere/cgi-bin/update_distance.sh. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 501.

So i attempted to add a access-control-allow-origin header with no luck, see my code below: 

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://R1ipwouldbehere/cgi-bin/update_distance.sh');
xhr.setRequestHeader('Access-Control-Allow-Origin', '192.168.0.18');
xhr.onreadystatechange = function () {
if (this.status == 200 && this.readyState == 4) {
console.log('response: ' + this.responseText);
}
};
xhr.send();

Any suggestions on how to use CORS?

[Netduma Crossy]

The header has to be added server side. If the page is just for you then you could use a chrome extension such as this to add the header. If you do use that extension, apply the rules carefully as if done incorrectly it could potentially be a security hole in your browser.

[ByMgRs]

Thanks Crossy! I suppose this would not be the correct way to go about making a program accessible by all then? I know I need to go and do some digging but do you know how other apps such as the non-official iPhone app were made?

[Netduma Crossy]

Thanks Crossy! I suppose this would not be the correct way to go about making a program accessible by all then? I know I need to go and do some digging but do you know how other apps such as the non-official iPhone app were made?

 

One possible way to have it accessible is be to make it into a browser extension that adds the header and also shows the options page you are making - then it's all in done one.

 

It's the browser which doesn't allow you to receive the response from the request. So if you make the request through something that isn't a browser e.g. desktop application or mobile application then it's fine.