Odoo Help


Avoid CORS Error (WebApp Cordova)

Fernando La Chica Mera
on 3/10/16, 3:16 PM 5,666 views

Hi, I'm developing an App with Cordova with which I intend to consume services Odoo. If launched the App with an emulator of Cordova as "ripple emulate" gives me error 404. Doing a little research I see that is related to that default CORS not allowed. I have the same problem if I want to consume the webservice from a web page installed in a different domain of Odoo. I have no problems in playing with the application if I have it installed on the device but I always try to compile and install and that is time consuming.

Have you got enabled CORS in Odoo? How I can do to add the allow-access-from domain * a werkzug header? Thank you.

No one has faced the problem of access to external web via webservice to Odoo?

Fernando La Chica Mera
on 3/16/16, 4:08 AM

I managed to consume the XML-RPC service from a Web App. I use https://github.com/timheap/jquery-xmlrpc

To make it work I had to modify the file <Odoo> /openerp/service/wsgi_server.py in the following procedures

def xmlrpc_return(start_response, service, method, params, string_faultcode=False):


Helper to call a service's method with some params, using a wsgi-supplied

``start_response`` callback.

This is the place to look at to see the mapping between core exceptions

and XML-RPC fault codes.


# Map OpenERP core exceptions to XML-RPC fault codes. Specific exceptions

# defined in ``openerp.exceptions`` are mapped to specific fault codes;

# all the other exceptions are mapped to the generic


# This also mimics SimpleXMLRPCDispatcher._marshaled_dispatch() for

# exception handling.


result = openerp.http.dispatch_rpc(service, method, params)

response = xmlrpclib.dumps((result,), methodresponse=1, allow_none=False, encoding=None)

except Exception, e:

if string_faultcode:

response = xmlrpc_handle_exception_string(e)


response = xmlrpc_handle_exception_int(e)

start_response("200 OK", [

('Content-Type','text/xml'),('Content-Length', str(len(response))),


('Access-Control-Allow-Methods','POST, GET, OPTIONS'),


('Access-Control-Allow-Headers','origin, x-csrftoken, content-type, accept'),



return [response]

def wsgi_xmlrpc(environ, start_response):

""" Two routes are available for XML-RPC

/xmlrpc/<service> route returns faultCode as strings. This is a historic

violation of the protocol kept for compatibility.

/xmlrpc/2/<service> is a new route that returns faultCode as int and is

therefore fully compliant.


if environ['REQUEST_METHOD'] == "OPTIONS":

response = werkzeug.wrappers.Response('OPTIONS METHOD DETECTED')

response.headers['Access-Control-Allow-Origin'] = '*'

response.headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'

response.headers['Access-Control-Max-Age'] = 1000

# note that '*' is not valid for Access-Control-Allow-Headers

response.headers['Access-Control-Allow-Headers'] = 'origin, x-csrftoken, content-type, accept'

return response(environ, start_response)

if environ['REQUEST_METHOD'] == 'POST' and environ['PATH_INFO'].startswith('/xmlrpc/'):

length = int(environ['CONTENT_LENGTH'])

data = environ['wsgi.input'].read(length)

# Distinguish betweed the 2 faultCode modes

string_faultcode = True

if environ['PATH_INFO'].startswith('/xmlrpc/2/'):

service = environ['PATH_INFO'][len('/xmlrpc/2/'):]

string_faultcode = False


service = environ['PATH_INFO'][len('/xmlrpc/'):]

params, method = xmlrpclib.loads(data)

return xmlrpc_return(start_response, service, method, params, string_faultcode)

Would you know tell me how to take these changes into an installable module? Would I have to go into the core?

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 3/10/16, 3:16 PM
Seen: 5666 times
Last updated: 10/20/16, 3:07 AM