Jump to content
grocca

Cross-Origin Resource Sharing (CORS)

Recommended Posts

Hi,

I am new to the CIAPI and I keep receiving a CORS error at login attempt:

Below are two different attempts to login - AJAX and jQuery

 

<script>

$.ajax({

        type: "PUT",

        url: 'https://ciapi.cityindex.com/TradingAPI/session',

        data:jQuery.parseJSON('{"UserName":"DM205345","Password":"XXXXXX"}')

        Content-Type: application/json,

        dataType : 'json',   //jsonp for cross origin request creates another error

        crossDomain:true,

        success: function(data, status, xhr) {

            alert(data);

        },

       error: function(jqXHR, textStatus, ex) {

           alert(textStatus + "," + ex + "," + jqXHR.responseText);

        }

});

</script>

 

Image of cors error for the ajax attempt above is the attached  cors1.png

 

JQUERY

<script>

$.post("https://ciapi.cityindex.com/TradingAPI/session",{"UserName":"DM205345","Password":"XXXXX"}, function (data, textCode){

 

});

</script>

 

Image of cors error for the jQuery attempt above is the attached cors2.png

 

 

I have tried numerours variations of the above and still no success.

My username and password works as i have tried it in the test harness and seems to have returned correctly.

post-4591-0-01012800-1446865653_thumb.png

post-4591-0-98825100-1446865921_thumb.png

Share this post


Link to post

Hi grocca,

 

Cross Origin Request Sharing (CORS) is not currently enabled on our Trading API servers, hence why you are receiving the error. I have started the process of enabling CORS for the API servers, after which you should be able to use the API without this particular error.

 

The time frame for this to be released into the Live environment is a couple of weeks. I shall post again as soon as it has been deployed into Live.

 

Thank you for your patience.

PM!

Share this post


Link to post

Hi,

 

You should be able to access the CIAPI using jQuery or AJAX without the CORS error. This has been re-enabled on the server - long story short, a recent API change accidentally disabled CORS and this change has been rolled back.

 

I performed a quick check using CURL to simulate a preflight request with an origin of "http://example.com" and received back the expected Access-Control-Allow-OriginAccess-Control-Allow-Methods, and Access-Control-Allow-Headers. 

curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
https://ciapi.cityindex.com/TradingAPI

xZZwAMU.png

 

Please let me know if it now works for you as expected.

 

Kind Regards,

PM!

Share this post


Link to post

Thanks for the reply but I am still having no luck

 

However my response code is different saying

Cors header access-control-allow-origin does not match *

I have tried all variations and still no access.

 

Were you able to get an Ajax or jquery working call to ciapi from an external site?

Share this post


Link to post

Hi,

 

I've found what it is - the changes to the API have only been applied to the QA and Pre-Production environments at this time and not yet in Live.

 

I've sent you a private message with the credentials for a Pre-Production environment account that you can use to check if you still get a CORS error there. Please send your calls to the PPE API address at: https://ciapipreprod.cityindextest9.co.uk/TradingApi/

 

Should it work fine in PPE then once the changes are deployed in the Live environment you can use the API normally without errors. If you still receive errors in PPE then we can look into it some more at that time.

 

Kind Regards,

PM!

Share this post


Link to post

I have tried the new address with my credentials the ones you had sent

I am getting the error as per image "Capture.png" for both addresses

 

I have also tried doing a simple post form

<form action="https://ciapipreprod.cityindextest9.co.uk/TradingApi/session" method="post">
    <input type="text" name="UserName" value="DM######" />
    <input type="text" name="Passwrod" value="xxxxxx" />
    <input type="submit" name="submit" value="submit" />
</form>

 

and the response is:

{"HttpStatus":400,"ErrorMessage":"The request content-type is not supported","ErrorCode":4005}

post-4591-0-31474800-1447933138_thumb.png

Share this post


Link to post

Hello,

 

I think we may have found the cause of the problem and the solution!! In your AJAX call, the content type in the request should be:

contentType: 'application/json' //with single quote marks

 

instead of what is currently being used:

Content-Type: application/json

 

As an example the following code works:

rx3kylA.png

 

Without the content type is when the we get the CORS error:

H4WEsoh.png

 

Hope this helps.

 

Kind Regards,

PM!

Share this post


Link to post

My Friend this is unbelieveable. You have done it!

 

Thanks for persisting with me on this. I had tried so many different combinations and my code has become a complete mess.

 

But you have cleared all that up now - Many Thanks

Share this post


Link to post

Hi Grocca,

 

CORS is enabled for the entire server  - requests to any address won't cause an issue.

 

The previous error encountered with the GET request was due to the missing single quote marks in the request. The syntax of requests must be 100% exact or errors will result as we've seen.

 

There is a POST body example in the API reference for placing a trade, which is when you would POST to the https://ciapi.cityindex.com/TradingAPI/order/newtradetorder address. See http://docs.labs.cityindex.com/#HTTP Services/Trade.htm%3FTocPath%3DCIAPI%2520Reference%7CHTTP%2520Services%7CTrades%2520and%2520Orders%7C_____14

The problem is likely caused by a missing or extraneous symbol somewhere in the POST request.

 

Kind Regards,

PM!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×