content api questions
  • Hello again!

    I am currently trying to get information from contentapi to display on my page. According to the documentation, I need to pass the Authorization: Token from SuperDesk.

    For the life of me, I can't seem to figure out a way to pass this info back to the header. I keep getting a 401 error and also I get a CORB warning. 

    Our intention is to primarily use the content api to display our articles on a Joomla frontend. Any help at all in this regard would be amazing!
  • 4 Comments sorted by
  • Just to follow up, here is some code I'm experimenting with that is not working. There is nothing sensitive in the response so no problem sharing the details here:

    var xhr = new XMLHttpRequest();


    xhr.open("GET", url, false);
    xhr.setRequestHeader('Access-Control-Allow-Headers', '*');
    xhr.setRequestHeader('Authorization', 'Basic b7zo51xk88wh2DWkirsk+C0C9OerdfND6wo6TRIRcJC269rPf7TNxw==');
    xhr.send("");
    alert(xhr.status);

    xhr.onreadystatechange = function() {
    if (this.readyState === 4) {
    console.log('Status:', this.status);
    console.log('Headers:', this.getAllResponseHeaders());
    console.log('Body:', this.responseText);
    }
    };
  • Figured it out! Looks like default.inc in nginx/conf.d/ need to have the following added to allow connections

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET';
        add_header 'Access-Control-Allow-Headers' Authorization';



  • Just updating this answer for syntax

    location /contentapi {
        proxy_pass http://localhost:5400;
        proxy_set_header Host localhost;
        expires epoch;
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
        add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    }
  • thanks for all the info, we usually don't use contentapi from js client so didn't have that problem before