it should work on all builds with uhttpd. i'm using snapshot build - r19805-958785508c and below headers i see when cors is enabled.
i believe Access-Control-Allow-Origin value is auto set based on the request headers once CORS is enabled. You dont necessarily need to set its value to *
If the web app will be hosted on the openwrt device it will work.
But in order for it to work hosted any where else the value needs to be * or at least have a configurable value. (otherwise the browser will refuse to initiate connectons to the openwrt device/s)
please let know what happens when you enable ubus_cors in config. do you get the CORS headers enabled in http response?
if its not working, pls share the /etc/config/uhttpd, /etc/openwrt_release content and a sample http post request and response headers that you are getting.
It will work wherever you host the web app, but you need to set the "Origin" request header correctly. That's your "configurable value": send the value with the request header. As @starhunter says:
This can be read in the uhttpd source code (line 153ff): the "Origin" request header is directly reflected into the "Access-Control-Allow-Origin" response header. Most notably: there is no default value, if no "Origin" request header is set, no CORS headers will be returned (line 160ff).
if i throw the file into /www directory inside openwrt it will "work" :
(The error is because the command is not valid , but the browser does invoke the request)
As i understand it , this behavior is a result of the response header LuCI currently return :
As i mentioned , if the response was * , this would work when the html file is hosted any where.
This header is a "counter measure" from any one building a site which has a javascript that generate a lot of request to third party site, this header helps site owner to either block any third party calls or allow them from specific host/ips.
This is relevant only for browser , when my app is running on android or windows this header is not relevant and the app just works.
From the conv above, you want to enable CORS in uhttpd and that you could access endpoints exposed by luci on a different host. correct us otherwise.
you please enable cors in uhttpd config, disable https redirect and then try valid "http" end point & http verb, it would work. if not pls share the complete request, response headers here for us to help you.
Of course, it is only enforced by web browsers. Also note, some web browsers wont allow you to set origin, cookie parameters in request.
you just skip setting origin and then by default those web browser/js frameworks would set Origin: null and uhttpd would still process the request if cors is enabled.
As mentiond before , it is already enabled , without enabling it the headers i posted are not returned in the response.
As my simple code example show, the browser refuses to invoked the request as soon as it see the response header which does not inculde any host (*) or the hosted ip/hostname of the file.
This is the code , the problem is not with the code but with the server side which doesnt return a cross origin header that would allow the code to work while hosted on other place.
While running within a browser , a http request is very limited and the code can not really change many/almost any request headers.
The url is valid and as i stated and 404 is a good response (it accepts only post) , a cross origin policy error as my screenshot showed is "bad response".