
Can Homey login to a website (with no Access-Control-Allow-Origin present)?

I don't have a lot of experience in JavaScript and the whole XMLHttpRequest story, but I've managed to play around with a JSON response from a remote server. Actually I simply started by building a stand-alone HTML page with JavaScript, so not within a Homey app yet. Now I need to log in on the remote server, which uses a POST request and gives me a cookie.

Now, I've tried building this but I get the (apparently well known) response:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I'm wondering how I would be able to solve this?

Comments

  • Crunch Member
    edited February 2016
    Isn't this a thing you need to solve on the server you are making the request to? (CORS headers or something like that).

    Because Homey can definitely log in to remote services, I already have it working. (Make POST call, retrieve login token, use this in the request headers for other POST/GET calls).
  • edited February 2016
    Quite possibly, yes. However, I don't own the server :)

    Could it be that my problem is specific to me running my JavaScript inside a browser, instead of within Homey? I can imagine that other security rules apply because there would be no such thing as cross-site scripting.

    It would seem that I need some kind of middleware (possibly a Python app) which would do the remote requests for me. This way, there wouldn't be cross-site scripting. However, as far as I'm aware, Homey doesn't offer the ability to add Python to apps.
  • You can help yourself with https://developers.athom.com/library/api and Homey can be your proxy. Or add CORS headers to the server you're calling.
  • Both solutions would require access to the server, but the server is not mine, I have no control whatsoever. I can't alter the server headers, I can't make the server push data to Homey. Actually even if I could: I'm not looking for pushing data, I want to log in to a remote service (POST), store the cookie and then do some simple GET requests.

    With Python it's simple, firing a POST request and storing the response cookie works like a charm. With JavaScript I get the security error. But I can't make a Python script part of a Homey app, so of course I could set it all up locally, but what if I would want to publish the app to the Homey App Store?

    But again, I'm not experienced in (especially this kind of) JavaScript stuff, so I'm curious if someone has a solution. Or perhaps there is no problem at all if this kind of request is done through a Homey app instead of a standalone HTML file in a Chrome browser.
  • This issue is not a Homey issue. I think you will have more luck on Stack Overflow to get it working.
  • MatjaLipu Member
    edited February 2016
    CORS is browser security. You can make regular requests to any host from Node. Depends on what you're doing. But calling other servers from a browser requires CORS.
    You'll need your own Homey app, or install this if it's enough:
    https://forum.athom.com/discussion/770/new-app-in-store-now-simple-http-get-put-post-connector-for-flows
    https://apps.athom.com/app/com.internet
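
The last reply's point, that CORS is enforced by the browser and not by Node, shown as an added example that is not part of the original thread and not Homey's own code. It assumes a constructed local stand-in for the remote service (the paths `/login` and `/data`, the cookie value and the credentials are all made up), which sends no `Access-Control-Allow-Origin` header yet still serves a Node client that logs in with a POST and replays the cookie.

```javascript
// Added example: constructed local server and credentials; nothing here is Homey's API.
async function demo() {
  const http = await import('node:http');
  const SESSION = 'sid=constructed-session-value';

  // Stand-in for the remote service (accepts any credentials).
  // It never sends Access-Control-Allow-Origin.
  const server = http.createServer((req, res) => {
    res.setHeader('Connection', 'close');
    if (req.method === 'POST' && req.url === '/login') {
      res.setHeader('Set-Cookie', SESSION + '; HttpOnly; Path=/');
      res.end('logged in');
    } else if (req.headers.cookie === SESSION) {
      res.setHeader('Content-Type', 'application/json');
      res.end(JSON.stringify({ temperature: 21.5 }));
    } else {
      res.statusCode = 401;
      res.end('login required');
    }
  });
  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
  const { port } = server.address();

  // Minimal HTTP client. Node has no same-origin policy, so no CORS check runs.
  const call = (method, path, headers = {}, body = '') =>
    new Promise((resolve, reject) => {
      const options = { host: '127.0.0.1', port, method, path, headers, agent: false };
      const req = http.request(options, (res) => {
        let text = '';
        res.setEncoding('utf8');
        res.on('data', (chunk) => { text += chunk; });
        res.on('end', () => resolve({ status: res.statusCode, headers: res.headers, text }));
      });
      req.on('error', reject);
      req.end(body);
    });

  try {
    const anonymous = await call('GET', '/data');
    const login = await call('POST', '/login',
      { 'Content-Type': 'application/x-www-form-urlencoded' }, 'user=demo&pass=demo');
    // Send back only "name=value"; attributes such as HttpOnly stay client-side.
    const cookie = login.headers['set-cookie'][0].split(';')[0];
    const data = await call('GET', '/data', { Cookie: cookie });
    return { anonymousStatus: anonymous.status, cookie, data: JSON.parse(data.text),
      corsHeader: login.headers['access-control-allow-origin'] };
  } finally {
    server.close();
  }
}
demo().then((result) => console.log(result));
```

The missing header protects browser users from other sites' scripts; it does not restrict which clients can reach the server, so the service's own authentication is what gates access.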