Problems with SOAP request. 'Access-Control-Allow-Origin'
I am having a problem while sending a SOAP request. I've researched this topic and see many posts here and elsewhere on the topic, but nothing that worked for me, or really solves the problem I am having. To be more specific on what I am trying to do, I am trying to access an API on the BrightSign network. Link to documentation here... I have tried executing my request through a javascript function in the html page with no luck. I get "no" Access-Control-Allow-Origin "" error every time. I installed an add-on that I saw as a fix to get around this, and while I didn't get the Access-Control-Allow-Origin error, I got a Code 200 error. My biggest problem with this is that I downloaded the SoapUI and requested there is a request. At the same time, I received a response! I tried to copy and paste the raw XML from SoapUI into my test page to no avail. I get the same errors every time. Any help on this would be greatly appreciated.
thank
Here is the code for my page that I am using:
function soap(){
var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST', 'https://api.brightsignnetwork.com/2014/12/SOAP/Basic/', true);
// build SOAP request
var sr =
'<soapenv:Envelope xmlns:soap="https://api.brightsignnetwork.com/2014/12/SOAP/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">' +
'<soapenv:Header>' +
'<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">' +
'<wsse:UsernameToken wsu:Id="UsernameToken-541861B587A894A0A714970165483407">' +
'<wsse:Username></wsse:Username>' +
'<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"></wsse:Password>' +
'<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">tlWiCWeD9E8JEaY00RfAhA==</wsse:Nonce>' +
'<wsu:Created>2017-06-09T13:55:48.340Z</wsu:Created>' +
'</wsse:UsernameToken>' +
'</wsse:Security>' +
'</soapenv:Header>' +
'<soapenv:Body>' +
'<soap:GetDynamicPlaylistByName>' +
'<soap:name></soap:name>' +
'<soap:loadContent></soap:loadContent>' +
'</soap:GetDynamicPlaylistByName>' +
'</soapenv:Body>' +
'</soapenv:Envelope>';
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4) {
if (xmlhttp.status == 200) {
alert('REQUEST SENT. CHECK FOR RESPONSE.');
}
}
}
// Send the POST request
xmlhttp.setRequestHeader('Content-Type', 'text/xml');
xmlhttp.setRequestHeader('Authentication-Type', 'Preemptive');
xmlhttp.send(sr);
}
source to share
The BrightSign Network API doc at http://docs.brightsign.biz/display/DOC/BSN+API does not indicate that the API is intended to be used from external JavaScript code running in a browser.
Considering that they don't include the response header Access-Control-Allow-Origin
in responses from their API endpoints, so your browser won't allow your external JavaScript code to access the responses.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS explains what's going on here, but the bottom line is that the browser does get a response as expected - and if you look at the Network tab "your browser devtools, you can check the answer there.
But just because the browser has a response doesn't mean it will output the response to your external JavaScript code. Browsers will only expose responses to cross-origin requests to external code if the responses include a response header Access-Control-Allow-Origin
.
Since the BrightSign API does not send this response header, you will not be able to work with this API directly from the front-end code, but instead you need to either make requests from your back-end code, or set up some kind of proxy and make requests through this ...
The answer to "No" Access-Control-Allow-Origin 'header is present in the requested resource " tells how you can configure a custom CORS proxy through which your frontend code can make requests.
source to share