Myopenhab.org Rest-Service openhab3

Fab4guy · January 19, 2021, 6:47pm

How is it possible to query the rest service via myopenhab.org.
I have tried it this way.

<script>
var username="xxx";
var password="xxxx";
$.ajax({
  type: "GET",
  url: "https://myopenhab.org/rest/items",
  dataType: 'json',
  headers: {
    "Authorization": "Basic " + btoa(username + ":" + password)
  },
  success: function (result){
      console.log(result)
  }
});
</script>

Access to XMLHttpRequest at 'https://myopenhab.org/rest/items' from origin 'http://192.168.XXX.XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

GET https://myopenhab.org/rest net::ERR_FAILED

But always get the cors problem.
When I do the same query via postman. It works fine.

Wolfgang_S · January 19, 2021, 6:20pm

Put

org.openhab.cors:enable=true

into /etc/openhab/services/runtime.cfg file.

See e.g.: Cors problem

Fab4guy · January 19, 2021, 6:27pm

But this only solves the problem when I access my openhab instance locally. Because locally everything works. but not via the openhab cloud.

BTW: The topic Cors problem is from me

digitaldan · January 20, 2021, 4:58am

Cors is a browser security feature to prevent cross site scripting attacks, if this page was being served by your openHAB instance through myopenhab, then it would work. Postman is not a browser, so does not enforce Cors protocol .

Fab4guy · January 20, 2021, 9:11am

I know what Cors is and what it is for.
I wonder how the openHab app from the Google Play store does it. It seems to work there as well.

Because I have programmed myself an app for Android.

digitaldan · January 20, 2021, 5:27pm

Ok, then i’m confused why you are asking why this works in postman but not in your browser? Cors is a client enforced feature, used almost exclusively in Browsers like Chrome, Firefox and IE. The browser looks at a header in the server response and decides if it’s allowed to make the call, the server does not do any enforcement of this, it has no way to.

Postman, curl, Android/Java http libraries, IOS http libraries, etc are not user browsers, and do nothing with the header in the response.

You need to serve this page from the same hostname /domain that the script will be connecting to for browsers to work. openHAB can serve static resource from its HTML directory if you need to do this.

Fab4guy · February 18, 2021, 12:29pm

Hi @digitaldan ,

Meanwhile I have managed it with the help of this plugin GitHub - silkimen/cordova-plugin-advanced-http: Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!

So there are no problems with CORS.
Switching the devices or initial requesting the status of a device works fine.

However, I have not yet found a solution for subscribing to the event bus from openhab.
See also the post here from me.

Do you have an idea or a solution?

digitaldan · February 18, 2021, 4:12pm

This is an issue with your client library. myopenHAB supports basic HTTP authentication, which it sounds like you are trying to use by adding username:password to the event stream URL, and your library/chrome doesn’t like this. Does your library not have a way of applying basic authentication credentials some other way? Appending them to the URL like that is generally frowned upon and is being supported less and less by clients. Again this has nothing to do with the server, you are still fighting your client code.