broker cross-Origin, OPTIONS method not allowed

[j-forster]

The broker works very well with curl or in the browser (http://broker.waziup.io), but fetching data from other domains (that are limited to cross-origin security) fails.

For example: My WebApp, which is using the waziup broker, requests (http://broker.waziup.io) using fetch, must schedule an OPTIONS request first, before the main GET request.
However, the OPTIONS request fails:
Request Headers:

OPTIONS /v2/entities HTTP/1.1
Access-Control-Request-Headers: fiware-service,fiware-servicepath
Access-Control-Request-Method: GET
Origin: http://my-domain.com

Response Headers:

HTTP/1.1 405 Method Not Allowed
Allow: POST, GET

The dashboard avoids this conflict using orion.waziup.io.

So should i use orion.waziup.io in general, or are you going to implement the cross-origin functionality for broker.waziup.io? (Or is using the broker with other WebApp not intended?)
Thanks in advance!

[cdupont]

Hi Johann,
good call.
You're right, Orion doesn't support CORS: telefonicaid/fiware-orion#501
So in Waziup we added a proxy that adds the CORS responses: https://github.com/Waziup/Platform/blob/master/identity/identityproxy.conf#L11
This is documented here: http://www.waziup.io/documentation/api/api-reference/

So yes, you can use http://orion.waziup.io/v1/data/entities from a WebApp.

[cdupont]

@j-forster is it resolved?

[j-forster]

Yes, thanks for your answer.