<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <br>

    <div class="moz-cite-prefix">On 8/7/2018 5:13 AM, AKASH wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:mailman.438.1533636809.2968.openbmc@lists.ozlabs.org"><br>

      <pre wrap="">Message: 4

Date: Tue, 7 Aug 2018 15:43:21 +0530

From: AKASH G J <a class="moz-txt-link-rfc2396E" href="mailto:akashgj91@gmail.com"><akashgj91@gmail.com></a>

To: Ed Tanous <a class="moz-txt-link-rfc2396E" href="mailto:ed.tanous@intel.com"><ed.tanous@intel.com></a>

Cc: <a class="moz-txt-link-abbreviated" href="mailto:openbmc@lists.ozlabs.org">openbmc@lists.ozlabs.org</a>

Subject: Re: Phosphor Web-ui: Server unreachable

Message-ID:

        <a class="moz-txt-link-rfc2396E" href="mailto:CAE33tLHsd5HwrCS9qLXO6Mo_gzka1Mrv7vs3Ofy0AF=YRJdT1w@mail.gmail.com"><CAE33tLHsd5HwrCS9qLXO6Mo_gzka1Mrv7vs3Ofy0AF=YRJdT1w@mail.gmail.com></a>

Content-Type: text/plain; charset="utf-8"

Hi Ed,

Sorry for the late reply. I was on leave for last week.

I am hosting phosphor-webui on a different machine and trying to connect

the BMC board using its IP address. I am using bmcweb platform. When I

tried to login, the following message appeared in browser console.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the

remote resource at <a class="moz-txt-link-freetext" href="https://">https://</a><BMC-IP>/login. (Reason: CORS request did not

succeed).

<unavailable> activity-stream.bundle.js:3170:9

CSI/tbsd_ cb=gapi.loaded_0:458:127

CSI/_tbnd cb=gapi.loaded_0:458:127

CSI/tbsd_ cb=gapi.loaded_0:458:127

CSI/_tbnd cb=gapi.loaded_0:458:127

</pre>

    </blockquote>

    See

<a class="moz-txt-link-freetext" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin</a>.<br>

    I think the HTTP response header from phosphor-webui needs to

    include "Cross-origin resource sharing" headers such as:<br>

      <span class="typ">Access</span><span class="pun">-</span><span

      class="typ">Control</span><span class="pun">-</span><span

      class="typ">Allow</span><span class="pun">-</span><span

      class="typ">Origin</span><span class="pun"></span>:

    <YOUR-WEB-HOSTING-MACHINE-IP>, <original-ip>    <--

    or use *<br>

      Access-Control-Allow-Credentials: true<br>

      Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE<br>

      Access-Control-Max-Age: 3600<br>

      Access-Control-Allow-Headers: Content-Type, Accept,

    X-Requested-With, remember-me<br>

    <br>

    How would we enhance the phosphor-webui application to produce these

    headers?<br>

    <br>

    <blockquote type="cite"

      cite="mid:mailman.438.1533636809.2968.openbmc@lists.ozlabs.org">

      <pre wrap="">

Thanks and Regards,

Akash

[...snip...]

</pre>

    </blockquote>

    <br>

  </body>

</html>