Mark,
simpleclient.htm currently does no attempt at a CORS request. I'll
prepare a CORS version.
To test CORS compliance until then, you can use:
http://client.cors-api.appspot.com/client
The test currently does not succeed, I think because we also need at
least...
|Access-Control-Allow-Credentials: true|
...for the cookie.
Regards,
Michael
Am 09.06.2014 03:06, schrieb Mark Webb-Johnson:
>
> Looking at the references mozilla document, it seems that our API use
> cases fall within the 'simple' approach.
>
> I have changed the tmc.openvehicles.com <http://tmc.openvehicles.com>
> server to return "Access-Control-Allow-Origin: *" for all requests,
> and that is live now. I have also put up the simpleclient.htm for
> testing at:
>
> http://www.openvehicles.com/simpleclient.htm
>
>
> It seems to work for me. But, then www.openvehicles.com
> <http://www.openvehicles.com> and tmc.openvehicles.com
> <http://tmc.openvehicles.com> are somewhat related so this is not a
> true test.
>
> Regards, Mark.
>
> On 9 Jun, 2014, at 5:52 am, Michael Balzer <dexter at expeedo.de
> <mailto:dexter at expeedo.de>> wrote:
>
>> Nikolay,
>>
>> I don't need CORS for the auth, that's already working without.
>>
>> I would need CORS to automatically process the data. And I'd like to
>> do it with minimal changes to the existing API server.
>>
>> My CORS research result was:
>>
>> maybe AnyEvent::HTTPD has some CORS support yet?
>>
>> If not, these are the headers:
>>
>> Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
>>
>> Access-Control-Allow-Origin "*$ORIGIN*"
>>
>> Access-Control-Allow-Credentials "true"
>>
>> Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
>>
>>
>> ...static values except for the "ORIGIN" variable, which needs to
>> echo back the "Origin:" header from the request. I'm not familiar
>> with AnyEvent::HTTPD, maybe something like
>>
>> $req->header('Origin')
>>
>>
>> There's a bit more to do: method OPTIONS also needs to be
>> supported for "preflight requests" (access control negotiation),
>> see
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
>> for detailed request/response examples.
>>
>> I suppose that will need a separate handler function, but one for
>> the /api root should be sufficient.
>>
>>
>> Btw, methods "PUT", "PATCH" + "DELETE" can be omitted I think.
>>
>> But if you'd like to build a Node.js based solution, go ahead, sounds
>> cool :-)
>>
>> Regards,
>> Michael
>>
>>
>>
>> Am 07.06.2014 23:37, schrieb Nikolay Shishkov:
>>> Hi Michael,
>>>
>>> I think what you have done with the html page is crying for the CORS
>>> and an angularjs, single page app.
>>> Here is an open source project with such app that could "easily" be
>>> modified to do the work.
>>> Check out a working sample here:
>>> http://angular-client-side-auth.herokuapp.com/login/
>>>
>>> Nikolay
>>>
>>>
>>> On Saturday, June 7, 2014 12:42 AM, Nikolay Shishkov
>>> <nshishkov at yahoo.com> wrote:
>>>
>>>
>>> I believe the following two headers should do it:
>>> Access-Control-Allow-Origin: *
>>> Access-Control-Allow-Credentials: true
>>>
>>> But needs to be tested.
>>>
>>>
>>> On Friday, June 6, 2014 2:31 PM, Mark Webb-Johnson
>>> <mark at webb-johnson.net> wrote:
>>>
>>>
>>> Bug squished. Live on tmc now (and pushed to github).
>>>
>>> Neat web page. Shows promise.
>>>
>>> Regarding the CORS, I'm very willing to make the changes - just not
>>> really sure what headers exactly need to be added. Anyone here know
>>> what I would need to add?
>>>
>>> Regards, Mark.
>>>
>>> On 6 Jun, 2014, at 3:03 pm, Michael Balzer <dexter at expeedo.de
>>> <mailto:dexter at expeedo.de>> wrote:
>>>
>>> Nikolay,
>>>
>>> you found an API server bug :-)
>>>
>>> Solution: delete all domain cookies for "openvehicles.com
>>> <http://openvehicles.com/>" from your browser before using the API.
>>>
>>> The API server gets confused by multiple cookies. If you visit
>>> www.openvehicles.com <http://www.openvehicles.com/> before using the
>>> API, you get a persistent PHP session cookie like this:
>>>
>>> Name SESS619b2b3f204291df32506531f8b446dd
>>> Host .openvehicles.com <http://openvehicles.com/>
>>> Pfad /
>>>
>>> As the host defines ".openvehicles.com <http://openvehicles.com/>"
>>> and path "/", this cookie also gets sent to the API host, which then
>>> confuses this one with the "ovmsapisession" cookie, i.e.
>>>
>>> Name ovmsapisession
>>> Host tmc.openvehicles.com <http://tmc.openvehicles.com/>
>>> Pfad /api/
>>>
>>> Regards,
>>> Michael
>>>
>>>
>>> Am 05.06.2014 23:46, schrieb Nikolay Shishkov:
>>>> Thanks Michael,
>>>> I am getting "login ok" when pressing on the login button, but then
>>>> all the other buttons are giving "authentication error" message.
>>>> I could check that the cookie is sent with the request, but the
>>>> server seems to respond with the 400 code.
>>>> I tried in Chrome. Where, how do you use the page?
>>>> Nikolay
>>>>
>>>>
>>>> On Thursday, June 5, 2014 10:59 PM, Michael Balzer
>>>> <dexter at expeedo.de> <mailto:dexter at expeedo.de> wrote:
>>>>
>>>>
>>>> Nikolay,
>>>>
>>>> that's right, I intend to get this running without an otherwise
>>>> necessary proxy, i.e. for local HTML pages on mobile devices or the
>>>> like. I've been in contact with Mark about CORS on the perl server.
>>>>
>>>> A server could of course be used, most simply the HTTP API itself
>>>> could deliver the client page, but CORS should now enable to cope
>>>> without and open possible cross origin data/control integrations.
>>>> Not sure about static pages for this though, not yet tested. I
>>>> think it would be cool to just load some HTML file in your browser
>>>> and have a graphical OVMS client.
>>>>
>>>> The "code" is currently just a first test bed HTML page to interact
>>>> with the HTTP API. No graphics, just a simple table view. Works,
>>>> but is clumsy as hell.
>>>>
>>>> Try yourself, I've attached it.
>>>>
>>>> Regards,
>>>> Michael
>>>>
>>>>
>>>> Am 05.06.2014 11:26, schrieb Nikolay Shishkov:
>>>>> Hi Michael,
>>>>>
>>>>> I am very interested in the "Browser client using HTTP API and
>>>>> jQuery/Flot for visualization". From the comment that CORS is
>>>>> needed I suspect you want to have the html5 page locally and then
>>>>> fetch data from the server while using other sources for context
>>>>> data.
>>>>> Have you considered running this on a separate server that serves
>>>>> as a gateway to the TMC server?
>>>>>
>>>>> Have you uploaded the code somewhere?
>>>>>
>>>>> I have been playing around with C# client and was thinking of
>>>>> using it on an asp.net <http://asp.net/> server...
>>>>>
>>>>> Nikolay
>>>>>
>>>>>
>>>>> On Wednesday, June 4, 2014 11:22 PM, Michael Balzer
>>>>> <dexter at expeedo.de> <mailto:dexter at expeedo.de> wrote:
>>>>>
>>>>>
>>>>> Am 04.06.2014 07:38, schrieb Gianluca Magalotti:
>>>>> > For nice2have features I'll wait for your list (I have my personal
>>>>> > list too but maybe we'll have a later focus on that)
>>>>>
>>>>> So here it is.
>>>>>
>>>>> If other Twizy drivers would like to add their ideas, you're welcome.
>>>>>
>>>>> I'll do my best to check new ideas against my collected knowledge of
>>>>> what's possible up to now and give you some feedback.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Michael
>>>>>
>>>>>
>>>>> --
>>>>> Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
>>>>> Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OvmsDev mailing list
>>>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OvmsDev mailing list
>>>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>>
>>>> --
>>>> Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
>>>> Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
>>>>
>>>> _______________________________________________
>>>> OvmsDev mailing list
>>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OvmsDev mailing list
>>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>
>>>
>>> --
>>> Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
>>> Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
>>> _______________________________________________
>>> OvmsDev mailing list
>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>
>>>
>>> _______________________________________________
>>> OvmsDev mailing list
>>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OvmsDev mailing list
>>> OvmsDev at lists.teslaclub.hk
>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>>
>> --
>> Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
>> Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
>> <dexter.vcf>_______________________________________________
>> OvmsDev mailing list
>> OvmsDev at lists.teslaclub.hk <mailto:OvmsDev at lists.teslaclub.hk>
>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>
>
>
> _______________________________________________
> OvmsDev mailing list
> OvmsDev at lists.teslaclub.hk
> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
--
Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20140610/66168d1d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dexter.vcf
Type: text/x-vcard
Size: 206 bytes
Desc: not available
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20140610/66168d1d/attachment-0002.vcf>