Access to XMLHttpRequest at 'https://myopenhab.org/rest/items' from origin 'http://192.168.XXX.XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://myopenhab.org/rest net::ERR_FAILED
But always get the cors problem.
When I do the same query via postman. It works fine.
Cors is a browser security feature to prevent cross site scripting attacks, if this page was being served by your openHAB instance through myopenhab, then it would work. Postman is not a browser, so does not enforce Cors protocol .
Ok, then i’m confused why you are asking why this works in postman but not in your browser? Cors is a client enforced feature, used almost exclusively in Browsers like Chrome, Firefox and IE. The browser looks at a header in the server response and decides if it’s allowed to make the call, the server does not do any enforcement of this, it has no way to.
Postman, curl, Android/Java http libraries, IOS http libraries, etc are not user browsers, and do nothing with the header in the response.
You need to serve this page from the same hostname /domain that the script will be connecting to for browsers to work. openHAB can serve static resource from its HTML directory if you need to do this.
This is an issue with your client library. myopenHAB supports basic HTTP authentication, which it sounds like you are trying to use by adding username:password to the event stream URL, and your library/chrome doesn’t like this. Does your library not have a way of applying basic authentication credentials some other way? Appending them to the URL like that is generally frowned upon and is being supported less and less by clients. Again this has nothing to do with the server, you are still fighting your client code.