[Archivesspace_Users_Group] ArchivesSpace API and XMLHttpRequests

Brian Hoffman brianjhoffman at gmail.com
Wed Feb 11 18:24:42 EST 2015 

Hi Hillel,

If you are using Apache to server the index of your SPA app, your best bet
might be to use ProxyPass statements in your Apache config to get around
the X-domain issues. Example:

http://yourserver.edu/spa/index.html

http://yourserver.edu/aspaceproxy

which proxies and reverse proxies to:

http://youraspaceserver.edu

Disclaimer: this isn't really something I have a lot of experience with.

Regarding the authentication, I threw together a little demo using a client
library I wrote - maybe it will help:

https://github.com/quoideneuf/asapi/releases/tag/spa-demo

Brian



On Wed, Feb 11, 2015 at 10:16 AM, Arnold, Hillel <harnold at rockarch.org>
wrote:

> Hi Brian,
> Thanks for your quick response, and for the tip about Chrome. I was able
> to sidestep the cross-domain issue for now, but if anyone has tips on how
> to get this working in production that would be great to know for the
> future. I should mention that I tried changing the
> Access-Control-Allow-Origin header in Apache, but that didn’t seem to have
> any effect because ArchivesSpace is running within Jetty (I think).
> As far as getting something back via a URL like /search?q=query&page=1, I
> am still having no luck. I was able to successfully authenticate (and I’m
> authenticating as an admin user), and am sending the session key back via a
> header. I’m able to successfully make other calls, but that particular one
> is not working. Any ideas?
>
> Hillel
>
> From: Brian Hoffman <brianjhoffman at gmail.com>
> Reply-To: Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> Date: Tuesday, February 10, 2015 at 10:19 PM
> To: Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> Subject: Re: [Archivesspace_Users_Group] ArchivesSpace API and
> XMLHttpRequests
>
> Hi Hillel,
>
> For development purposes, you can get around the cross domain issue by
> starting Chrome with the disable-web-security flag:
>
>
> http://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome
>
> For the Postman case you described, it sounds like you need to hit the
> login endpoint first, get back the session key, and then add that to your
> search request headers (there's a little dropdown in Postman for this)
> using 'X-ArchivesSpace-Session' as the header key.
>
> Hope this helps,
>
> Brian
>
>
>
>
> On Tue, Feb 10, 2015 at 5:46 PM, Arnold, Hillel <harnold at rockarch.org>
> wrote:
>
>> Hi everyone,
>> I’ve been hacking together a proof-of-concept single page web app which
>> makes a couple of API calls against ArchivesSpace and returns/displays a
>> bunch of data about a particular archival component.
>> Because I am not really a programmer, I’m just making a XMLHttpRequest
>> with JQuery. However, I’m running into a couple problems.
>> First, when I try to post to my username and password so I can get back a
>> session token, I’m getting an error related to cross domain requesting
>> saying the requested resource doesn’t have an Access-Control-Allow-Origin
>> header set. It seems like I’d need to set those header somewhere
>> server-side (maybe in the app config settings somewhere), but I’m not sure
>> where exactly that would be. The existing examples out there for working
>> with the ArchivesSpace API seem to mostly be command-line tools, which
>> wasn’t really helping me. I’m sure there are people out there who have done
>> this, either specifically with ArchivesSpace or with other Ruby apps, so if
>> you know how to do this or can point me to a link which tells me how to do
>> it, I’d be most grateful!
>> Second, unless I am reading the documentation wrong (which is very
>> likely), I think I should be able to make a get request like:
>> http://some_url:8089/search?q=cats&page=1 and get back search results.
>> However, when I test that URL out in Postman I’m getting a 403 error. Am I
>> missing something here?
>>
>> Thanks for any help!
>>
>> Hillel Arnold
>> Lead Digital Archivist
>> Rockefeller Archive Center
>>
>> _______________________________________________
>> Archivesspace_Users_Group mailing list
>> Archivesspace_Users_Group at lyralists.lyrasis.org
>> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>>
>>
>
>
> --
> Brian Hoffman
> brianjhoffman at gmail.com
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
>


-- 
Brian Hoffman
brianjhoffman at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20150211/43d46d2b/attachment.html>

More information about the Archivesspace_Users_Group mailing list