Open
Bug 1023163
Opened 11 years ago
Updated 8 years ago
Add CORS header for export.php
Categories
(Webtools :: PTO, defect)
Tracking
(Not tracked)
REOPENED
People
(Reporter: julienw, Unassigned)
References
(Depends on 1 open bug)
Details
Attachments
(1 file)
|
53 bytes,
application/x-php
|
Details |
Ideally I'd like to access the script for any origin, but I'd understand that we restrict it to *.mozilla.org only.
The goal is to do a JS-based app to parse output of export.php so that we can generate the mandatory form needed for the french government. Being JS-based would allow to keep all credentials client side, and even managed by the browser itself, which is a good thing.
|
||
Comment 1•11 years ago
|
||
export.php is deprecated, sorry.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
|
Reporter | |
Comment 2•11 years ago
|
||
And so, what's the expected way to get json data from pto.mozilla.org, Laura?
|
|
||
Comment 3•11 years ago
|
||
Privacy has requested that no-one be able to view anyone else's PTO (except for the payroll people who need it to work). So the list of all PTOs is going away.
Is this feature something you want for your own PTO? If so, I can do it as part of bug 506192.
|
|
Reporter | |
Comment 4•11 years ago
|
||
In the application I am doing for french employees (where we need to fill in a form every month if we took a day off the month before), I'd need that this application can access the data. However this works well enough if one employee accesses its own data and that's all.
The current code uses a Firefox addon to overcome the same-origin protection. It loads data from export.php, using whatever authentication data the user is supplying in the normal Basic Auth form (so the application doesn't know this authentication data).
But it would be easier if it'd be a simple page on people.mozilla.org, that's why I asked for this CORS header.
Hope this clears things up :)
|
||
Comment 5•11 years ago
|
||
Seems doable if you build your people page so that it fetches the data via XHR (with CORS). Laura, I figure we can just make a view that spits out the same data as the "view your own PTO" page, except as raw JSON?
I'll reopen and make it dependent on Laura's feature. Either she adds it while she's on a roll, or I can add it thereafter ;) No problem.
|
|
Reporter | |
Comment 6•10 years ago
|
||
Note that I'd still need an JSON export... in the mean time I'll try to parse the HTML output but clearly that's gross.
|
||
Comment 7•8 years ago
|
||
Kindly add this code on the top where you start the php
<?php
header("Access-Control-Allow-Origin: *");
It will allow you to make the cross site request. Also you need to enable cross site when you will make the request.
|
|
||
Comment 8•8 years ago
|
||
Allow cross origin request
You need to log in
before you can comment on or make changes to this bug.
Description
•