Trợ giúp


Avoid CORS Error (WebApp Cordova)

Hi, I'm developing an App with Cordova with which I intend to consume services Odoo. If launched the App with an emulator of Cordova as "ripple emulate" gives me error 404. Doing a little research I see that is related to that default CORS not allowed. I have the same problem if I want to consume the webservice from a web page installed in a different domain of Odoo. I have no problems in playing with the application if I have it installed on the device but I always try to compile and install and that is time consuming.

Have you got enabled CORS in Odoo? How I can do to add the allow-access-from domain * a werkzug header? Thank you.

1 Bình luận
Ảnh đại diện
Huỷ bỏ
Fernando La Chica Mera

No one has faced the problem of access to external web via webservice to Odoo?

7 Câu trả lời
Best Answer

I managed to consume the XML-RPC service from a Web App. I use

To make it work I had to modify the file <Odoo> /openerp/service/ in the following procedures

def xmlrpc_return(start_response, service, method, params, string_faultcode=False):


Helper to call a service's method with some params, using a wsgi-supplied

``start_response`` callback.

This is the place to look at to see the mapping between core exceptions

and XML-RPC fault codes.


# Map OpenERP core exceptions to XML-RPC fault codes. Specific exceptions

# defined in ``openerp.exceptions`` are mapped to specific fault codes;

# all the other exceptions are mapped to the generic


# This also mimics SimpleXMLRPCDispatcher._marshaled_dispatch() for

# exception handling.


result = openerp.http.dispatch_rpc(service, method, params)

response = xmlrpclib.dumps((result,), methodresponse=1, allow_none=False, encoding=None)

except Exception, e:

if string_faultcode:

response = xmlrpc_handle_exception_string(e)


response = xmlrpc_handle_exception_int(e)

start_response("200 OK", [

('Content-Type','text/xml'),('Content-Length', str(len(response))),


('Access-Control-Allow-Methods','POST, GET, OPTIONS'),


('Access-Control-Allow-Headers','origin, x-csrftoken, content-type, accept'),



return [response]

def wsgi_xmlrpc(environ, start_response):

""" Two routes are available for XML-RPC

/xmlrpc/<service> route returns faultCode as strings. This is a historic

violation of the protocol kept for compatibility.

/xmlrpc/2/<service> is a new route that returns faultCode as int and is

therefore fully compliant.


if environ['REQUEST_METHOD'] == "OPTIONS":

response = werkzeug.wrappers.Response('OPTIONS METHOD DETECTED')

response.headers['Access-Control-Allow-Origin'] = '*'

response.headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'

response.headers['Access-Control-Max-Age'] = 1000

# note that '*' is not valid for Access-Control-Allow-Headers

response.headers['Access-Control-Allow-Headers'] = 'origin, x-csrftoken, content-type, accept'

return response(environ, start_response)

if environ['REQUEST_METHOD'] == 'POST' and environ['PATH_INFO'].startswith('/xmlrpc/'):

length = int(environ['CONTENT_LENGTH'])

data = environ['wsgi.input'].read(length)

# Distinguish betweed the 2 faultCode modes

string_faultcode = True

if environ['PATH_INFO'].startswith('/xmlrpc/2/'):

service = environ['PATH_INFO'][len('/xmlrpc/2/'):]

string_faultcode = False


service = environ['PATH_INFO'][len('/xmlrpc/'):]

params, method = xmlrpclib.loads(data)

return xmlrpc_return(start_response, service, method, params, string_faultcode)

Would you know tell me how to take these changes into an installable module? Would I have to go into the core?

2 Bình luận
Ảnh đại diện
Huỷ bỏ
El mehdi EL OUALI

hi Fernando

I want to make ionic app to get data from odoo 12 server and i have been blocked by CORS policy, you have any solution for my issue

Fernando La Chica Mera

I'm sorry I can't help you. This solution I implemented was used in older versions of Odoo and I don't think it works in a current one. Surely someone knows what settings they should apply to not be blocked by CORS. If not, doing something similar should serve you.

Choosak Songsawang
Best Answer


I researched on internet for a while, here are information and solution I would like to share:

1) I have modified "odoo\" and also "odoo\service\" but had no luck.

2) I installed chrome plug-in to bypass "Cross-Origin Resource Sharing" also not working.

3) I also built ".apk" package and ran on real mobile device, also not working

Finally :)

4) I call odoo api through proxy server running nginx, no cors error anymore.

Hope this help.

Ảnh đại diện
Huỷ bỏ
Ravi Gadhia
Best Answer


To enable CORS for a particular route/endpoint you can pass cors params on a route like

@http.route('/my/route', type='json', auth='none', cors='*')  

def my_route(self):      


if you want to enable CORS for all the routes(not recommended) here are few options​

  • override werkzeug Response wrapper class ref \  

  • Nginx configuration can enable CORS

  • you can create werkzeug middleware for it

Ảnh đại diện
Huỷ bỏ
Best Answer

I Want to make the same in Angular 7 i need somthing to avoid cors ¿any help?

Ảnh đại diện
Huỷ bỏ