This week's giveaway is in the Spring forum.
We're giving away four 3 month subscriptions to Marco Behler Videos and have Marco Behler on-line!
See this thread for details.
Win a 3 month subscription to Marco Behler Videos this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

SteamAPI  RSS feed

 
Christopher Roberts
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi guys we are trying to get our users stats from the steamWeb api using ajax
I am having difficulty getting the script to work as with CORS cross domain.



Using the log on Chrome i can see this error

XMLHttpRequest cannot load http://api.steampowered.com/ISteamUser/GetFriendList/v0001/?key=31xxxxxxxxxx0&steamid=76561197960435530&relationship=friend. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://evo4ever.me' is therefore not allowed access. The response had HTTP status code 500.

we have added

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value></param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value></param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>180</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

to the webXML but we still seem to not be allowed to do this.

Burning my head out i think the way the headers are done is the issue but i dont seem to be able to figure it out any help would be much appreciated.
 
Rob Spoor
Sheriff
Posts: 21021
85
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch!

Christopher Roberts wrote:

Your allowed origins list is empty, and therefore http://evo4ever.me is not allowed. Try adding it to that list.
 
Christopher Roberts
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi m8 thanks for the responce. I have hadded http://evo4ever.me to the filter buts same issue. I would like to show you the full code incase we are doing the headers wrong.
so we are trying to send a users video to our file server as our web server is on a much slower connection and has smaller disk space.
The idear being they can upload and it be sent straight to remote server.

Servlet for userVideoUpload


This being hosted on the remote server.
Then we have our upload page.



and finally our web.xml from the remote server



thanks again for any help you can give us it really should be working
 
Rob Spoor
Sheriff
Posts: 21021
85
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Christopher Roberts wrote:

What is this code supposed to do? Are you aware that that method is executed after the CORS filter has already done its work, and therefore will not have any effect on what the CORS filter does?

Anyway, I suggest setting your debugger to work, and find out what the CORS filter does. In fact, it wouldn't surprise me if the filter isn't even triggered. After all, it's the remote call to api.steampowered.com that fails. Your CORS filter only works on requests to your own site.
 
Rob Spoor
Sheriff
Posts: 21021
85
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS? I did a quick scan, and it showed me that Access-Control-Allow-Origin should be a response header. You're sending it as a request header though.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!