Search code examples
corsxmlrpcclientsimplexmlrpcserver

CORS XMLRPC via mimic.js


Scenario: I have a webpage that needs to make XMLRPC calls from Javascript, and uses mimic.js to do so. The XMLRPC server is written in python, based on SimpleXMLRPCServer.

When the webpage and the server are on the same machine, all is well. If the page is coming from a different machine, I run into CORS issues. I've managed to get to the point where I know that the XMLRPC call is getting through to the server, yet the page is still complaining:

XMLHttpRequest cannot load http://server.machine.com:8888/. Origin http://page.machine.com is not allowed by Access-Control-Allow-Origin.
(mimic.js:8) NETWORK_ERR: XMLHttpRequest Exception 101: A network error occurred in synchronous requests.

This is what I had to add to my subclass of SimpleXMLRPCRequestHandler in my server:

        def do_OPTIONS(myself):
            myself.send_response(200)
            myself.send_header("Access-Control-Allow-Origin", "*")
            myself.send_header("Access-Control-Allow-Headers","Content-Type")
            myself.end_headers()
            myself.wfile.write("OK") 

My understanding is that I shouldn't need to change anything about making the XMLRPC call when the server is on a different machine (other than specify that new address).

So (finally!) the question: what piece of this puzzle am I missing? If the answer is as simple as "you need a different XMLRPC client library," suggestions as to a replacement would be most welcomed.


Solution

  • Seems that the ACA-Origin & ACA-Headers headers needed to be added to the response from the POST request (the actual XMLRPC method call) as well.