Allow CORS in Pinegrow Browser, product is great, thanks
Please give me a use-case of how it would be used.
Maybe it is not viable. I am only a beginner, so I barely even know what I am talking about; however, I make simple apps using nw.js, usually just one-page apps that get some data from the net and manipulate the page with it. nw.js allows CORS, and making Windows 10 HTML apps allows CORS too. If Pinegrow allowed that too, I could write the app/HTML for the most part in Pinegrow.
Adding to an old thread here, but I’ve encountered a use case.
Currently I’m designing a page which submits a form. However, testing this with the browser preview feature in PG results in a CORS error. This is because the website is served from PG (127.0.0.1:40000), and this is different from the backend server I’m submitting to (127.0.0.1:8080).
Are you experiencing the CORS error when you open your page in the external browser outside Pinegrow?
I believe you will have to set the Access-Control-Allow-Origin header in the response from your backend server during development.
I don’t have a strong knowledge of CORS, so bear with me.
My understanding is that it is the source (origin) server which sets the permitted connections, as any alternative doesn’t make sense. So in this example, that’s Pinegrow. At least while designing the page.
So your suggestion is to move the page to a testing server and try it there? Which will work. But it is a lot of effort to do while working on the page and making adjustments.
Hence, my comment about a use case for setting the header within PG.
What’s your backend server running at port 8080?
That processes the form submission. At the moment it’s only a stub. Although it could be a commercial service in reality.
Ohh okay, is that a Node-based Express backend? Python, or something like Django? Does your backend allow you to set CORS settings?
By preview feature, are you referring to the internal browser, or have you opened your page in the external browser? Are you able to share a screenshot of the error? That would help with troubleshooting. Thanks!
Currently, the backend is a custom server I’m writing in Swift (using Hummingbird). As such, I do have full flexibility to adjust settings.
To answer your other question, the situation I’m referring to is clicking on the “preview in browser” button in PG. My page opens in the browser (Safari) and I get the CORS error.
The console error I get is…
[Error] Origin http://127.0.0.1:40000 is not allowed by Access-Control-Allow-Origin. Status code: 200
[Error] Fetch API cannot load http://127.0.0.1:8080/update due to access control checks.
[Error] Failed to load resource: Origin http://127.0.0.1:40000 is not allowed by Access-Control-Allow-Origin. Status code: 200 (update, line 0)
I’ve observed that PG executes this feature by substituting any links in the page being previewed with links to its own internal server. Hence, my impression that the CORS setting must be done in PG itself.
I did a quick search, and it might be that you will have to whitelist your web server URL (https://127.0.0.1:40000 in the case of Pinegrow) in your backend: Hummingbird and CORS - Swift on server?
Thank you for your efforts. It’s really more than I was expecting.
I hope you don’t feel that I’ve wasted your time. I can get things working simply by turning off CORS restrictions in Safari’s developer settings. However, not everyone will be able to do that. Which is why my original reply to @matjaz was in the context of providing a use case as he had asked for.
However, thanks to your efforts, I think I understand CORS better now. I’ve been on the wrong track. I’d imagined it was a security measure implemented at the source, to stop nefarious actors from altering a webpage to send / get its data to / from a malevolent site.
Now I see it’s a security measure on the target server which informs the browser that it (the target) doesn’t talk to “strange” web pages.
Realising that, I now understand the effect of all your suggestions.
Every day I learn something. Unfortunately it’s often what I’ve forgotten the week before.
So, no, I’d not thought of a use case for PG doing CORS.
You are not alone when it comes to the scary CORS topic. All the best!
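
An added example, not part of the original thread and not Pinegrow or Hummingbird code: a JavaScript model of the exchange discussed above, with the backend allowlisting the preview origin taken from the console error and the browser deciding whether the page's script may read the response. All function names are hypothetical, and the browser check is simplified to requests without credentials.

```javascript
// Origin of the Pinegrow preview page, copied from the console error in the thread.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:40000"]);

// Backend side (hypothetical helper): choose the CORS headers for a response.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // An origin is scheme + host + port, compared as an exact string.
  // Unknown origins get no header; an arbitrary Origin is never echoed back.
  if (!requestOrigin || !allowed.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
}

// Backend side: answer the OPTIONS preflight that precedes a non-simple request
// (for example a fetch() POST with Content-Type: application/json).
function preflightResponse(requestOrigin, requestedMethod, allowedMethods = ["POST"]) {
  const headers = corsHeaders(requestOrigin);
  const originOk = "Access-Control-Allow-Origin" in headers;
  if (!originOk || !allowedMethods.includes(requestedMethod)) {
    return { status: 403, headers: {} };
  }
  return {
    status: 204,
    headers: {
      ...headers,
      "Access-Control-Allow-Methods": allowedMethods.join(", "),
      "Access-Control-Allow-Headers": "Content-Type",
    },
  };
}

// Browser side (simplified model): may the page's script read the response?
// The "Status code: 200" in the log shows the backend did answer; the browser
// withheld the response because this check failed.
function browserAllowsRead(pageOrigin, targetOrigin, responseHeaders) {
  if (pageOrigin === targetOrigin) return true; // same origin: CORS does not apply
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}
```
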