Skip to Content
This question has been flagged
webservicesaccessoriginallowCORS
7 Replies
34617 Views
Avatar
Fernando La Chica Mera

Hi, I'm developing an App with Cordova with which I intend to consume services Odoo. If launched the App with an emulator of Cordova as "ripple emulate" gives me error 404. Doing a little research I see that is related to that default CORS not allowed. I have the same problem if I want to consume the webservice from a web page installed in a different domain of Odoo. I have no problems in playing with the application if I have it installed on the device but I always try to compile and install and that is time consuming.

Have you got enabled CORS in Odoo? How I can do to add the allow-access-from domain * a werkzug header? Thank you.

Avatar
Discard
Fernando La Chica Mera
Author

No one has faced the problem of access to external web via webservice to Odoo?

Avatar
Fernando La Chica Mera
Author Best Answer

I managed to consume the XML-RPC service from a Web App. I use https://github.com/timheap/jquery-xmlrpc

To make it work I had to modify the file <Odoo> /openerp/service/wsgi_server.py in the following procedures


def xmlrpc_return(start_response, service, method, params, string_faultcode=False):
    """
    Helper to call a service's method with some params, using a wsgi-supplied
    ``start_response`` callback.
    This is the place to look at to see the mapping between core exceptions
    and XML-RPC fault codes.
    """
    # Map OpenERP core exceptions to XML-RPC fault codes. Specific exceptions
    # defined in ``openerp.exceptions`` are mapped to specific fault codes;
    # all the other exceptions are mapped to the generic
    # RPC_FAULT_CODE_APPLICATION_ERROR value.
    # This also mimics SimpleXMLRPCDispatcher._marshaled_dispatch() for
    # exception handling.
    try:
        result = openerp.http.dispatch_rpc(service, method, params)
        response = xmlrpclib.dumps((result,), methodresponse=1, allow_none=False, encoding=None)
    except Exception, e:
        if string_faultcode:
            response = xmlrpc_handle_exception_string(e)
        else:
            response = xmlrpc_handle_exception_int(e)
    start_response("200 OK", [
                              ('Content-Type','text/xml'),('Content-Length', str(len(response))),
                              ('Access-Control-Allow-Origin','*'),
                              ('Access-Control-Allow-Methods','POST, GET, OPTIONS'),
                              ('Access-Control-Max-Age',1000),
                              ('Access-Control-Allow-Headers','origin, x-csrftoken, content-type, accept'),
                    ]
                )
    return [response]
def wsgi_xmlrpc(environ, start_response):
    """ Two routes are available for XML-RPC
    /xmlrpc/<service> route returns faultCode as strings. This is a historic
    violation of the protocol kept for compatibility.
    /xmlrpc/2/<service> is a new route that returns faultCode as int and is
    therefore fully compliant.
    """
    if environ['REQUEST_METHOD'] == "OPTIONS":
        response = werkzeug.wrappers.Response('OPTIONS METHOD DETECTED') 
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
        response.headers['Access-Control-Max-Age'] = 1000
        # note that '*' is not valid for Access-Control-Allow-Headers
        response.headers['Access-Control-Allow-Headers'] = 'origin, x-csrftoken, content-type, accept'
        
        return response(environ, start_response)
    
    if environ['REQUEST_METHOD'] == 'POST' and environ['PATH_INFO'].startswith('/xmlrpc/'):
        length = int(environ['CONTENT_LENGTH'])
        data = environ['wsgi.input'].read(length)
        # Distinguish betweed the 2 faultCode modes
        string_faultcode = True
        if environ['PATH_INFO'].startswith('/xmlrpc/2/'):
            service = environ['PATH_INFO'][len('/xmlrpc/2/'):]
            string_faultcode = False
        else:
            service = environ['PATH_INFO'][len('/xmlrpc/'):]
        params, method = xmlrpclib.loads(data)
        return xmlrpc_return(start_response, service, method, params, string_faultcode)



Would you know tell me how to take these changes into an installable module? Would I have to go into the core?

Avatar
Discard
El mehdi EL OUALI

hi Fernando

I want to make ionic app to get data from odoo 12 server and i have been blocked by CORS policy, you have any solution for my issue

Fernando La Chica Mera
Author

I'm sorry I can't help you. This solution I implemented was used in older versions of Odoo and I don't think it works in a current one. Surely someone knows what settings they should apply to not be blocked by CORS. If not, doing something similar should serve you.

Avatar
Choosak Songsawang
Best Answer

Hello

I researched on internet for a while, here are information and solution I would like to share:

1) I have modified "odoo\http.py" and also "odoo\service\wsgi_server.py" but had no luck.

2) I installed chrome plug-in to bypass "Cross-Origin Resource Sharing" also not working.

3) I also built ".apk" package and ran on real mobile device, also not working

Finally :)

4) I call odoo api through proxy server running nginx, no cors error anymore.

Hope this help.


Avatar
Discard
Avatar
Ravi Gadhia
Best Answer

Hi

To enable CORS for a particular route/endpoint you can pass cors params on a route like

@http.route('/my/route', type='json', auth='none', cors='*')  

def my_route(self):      

        ........

if you want to enable CORS for all the routes(not recommended) here are few options​

  • override werkzeug Response wrapper class ref \https://github.com/odoo/odoo/blob/12.0/odoo/http.py#L1245  

  • Nginx configuration can enable CORS

  • you can create werkzeug middleware for it

Avatar
Discard
Mohamed Mamdouh Shehata

Hello, I am building an odoo 13 app for my graduation project, can anyone help please

Avatar
Carlos
Best Answer

I Want to make the same in Angular 7 i need somthing to avoid cors ¿any help?

Avatar
Discard
Related Posts Replies Views Activity
Granting Payslip Access to a Portal User: Troubleshooting Custom Group Permissions
access
Avatar
0
Oct 24
110
How to change existing access right of some model in a ir.model.access.csv? Solved
access
Avatar
Avatar
Avatar
2
Apr 23
22988
Where is my design on website of odoo stored?
webservices
Avatar
Avatar
Avatar
2
Oct 21
2341
How to create Hierarchical Access Rights Control
access
Avatar
0
Dec 20
1950
Multicompany Access Rights - Why is the field res.user.company_ids not used? Solved
access
Avatar
Avatar
Avatar
2
Jun 20
15732