Does restws allow cross domain requests without authentication?

I'm building an AngularJS app that queries a Drupal site on another domain and am hoping to use this module to provide the JSON. I figured that allowing anonymous access to the resources would give me access to this, but I seem to be unable to query using Angular and get "Origin http://localhost:9000 is not allowed by Access-Control-Allow-Origin."

I can access node.json from the Drupal site when logged out, but it seems that if anonymous is allowed, restws should also be setting the header with something like:

header('Access-Control-Allow-Origin: *');

Thoughts?

Comments

sirkitree’s picture

sirkitree commented
Status: Active » Closed (won't fix)

Turns out this is a pretty typical thing. Localhost to a regular domain CORS do not work well in most browsers due to security. Disabling security locally allowed this by starting the browser form the command line and using the --disable-web-security flag.

Shouldn't need to modify the restws module at all for this.

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented

I just whipped this up http://drupal.org/project/cors

Roeneman-1’s picture

Roeneman-1 commented

The cors project sets return headers at hook_init.
In my experience you need to set headers at hook_boot to work for RESTWS. Not sure why... but that's how I got it to work.
Rds, Roeneman