In order to make a http-request from a browser to the LaMetric API directly, the API needs to support cross domain requests.
Currently the LaMetric API is able to answer OPTIONS-Requests (preflight requests) with an "Access-Control-Allow-Origin: *" and "Access-Control-Allow-Headers: *" header. This is enough to make GET and POST requests without restrictions. But for PUT requests, an additional "Access-Control-Allow-Methods: *" header is required.
David L
In order to make a http-request from a browser to the LaMetric API directly, the API needs to support cross domain requests.
Currently the LaMetric API is able to answer OPTIONS-Requests (preflight requests) with an "Access-Control-Allow-Origin: *" and "Access-Control-Allow-Headers: *" header. This is enough to make GET and POST requests without restrictions. But for PUT requests, an additional "Access-Control-Allow-Methods: *" header is required.
Example JavaScript-Snippet:
var changeAudioVolume = function(volume) { var xmlhttp = new XMLHttpRequest(); xmlhttp.open("PUT", "http://" + config.ip + ":" + config.port + "/api/v2/device/audio"); xmlhttp.setRequestHeader("Authorization", "Basic " + btoa(config.username + ":" + config.password)); xmlhttp.setRequestHeader("Content-Type", "application/json"); xmlhttp.send(JSON.stringify({ volume })); }CORS preflight request (initiated from the browser):
Expected response for full CORS Support:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Current response:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
The browser refuses to execute the request because of the missing preflight response header.
The behavior is the same in Chrome and Firefox.
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMethodNotFound