<div dir="ltr">This is a JSONP issue (well worth a search on stackoverflow). Once you master that there are no XSS errors. I also means you don't need the server to enabled "allow origin". I had some code that works as-is.<div><br></div><div><div><font face="monospace, monospace" color="#0000ff"> var url = peeringdb_api_url + '/' + $scope.getJSONParam1 + '/' + $scope.getJSONParam2;</font></div><div><font face="monospace, monospace" color="#0000ff"> url = url + '?callback=JSON_CALLBACK';</font></div><div><font face="monospace, monospace" color="#0000ff"> console.log('url = "' + url + '"');</font></div><div><font face="monospace, monospace" color="#0000ff"> </font><font face="monospace, monospace" color="#ff0000">$http.jsonp</font><font face="monospace, monospace" color="#0000ff">(url, config)</font></div><div><font face="monospace, monospace" color="#0000ff"> .then(function successCallback(response) {</font></div><div><font face="monospace, monospace" color="#0000ff"> console.log('successCallback() called');</font></div><div><font face="monospace, monospace" color="#0000ff"> $scope.getCallJSONResult = logResult("GET SUCCESS", response.data, response.status, response.statusText, response.headers, response.config);</font></div><div><font face="monospace, monospace" color="#0000ff"> }, function errorCallback(response) {</font></div><div><font face="monospace, monospace" color="#0000ff"> console.log('errorCallback() called');</font></div><div><font face="monospace, monospace" color="#0000ff"> $scope.getCallJSONResult = logResult("GET ERROR", response.data, response.status, response.statusText, response.headers, response.config);</font></div><div><font face="monospace, monospace" color="#0000ff"> });</font></div><div><font face="monospace, monospace" color="#0000ff"> };</font></div></div><div><br></div><div>This is in Angular - but that's a whole other conversation. </div><div><br></div><div>Try that.</div><div><br></div><div>Martin</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 11, 2017 at 11:00 AM, Ruairi Carroll <span dir="ltr"><<a href="mailto:ruairi.carroll@gmail.com" target="_blank">ruairi.carroll@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hey,</div><div><br></div><div>While writing a JS app, I noticed that Access-Control-Allow-Origin is not set on <a href="http://api.peeringdb.com" target="_blank">api.peeringdb.com</a>. I also see that there's an open issue for this ( <a href="https://github.com/peeringdb/peeringdb/issues/78" target="_blank">https://github.com/peeringdb/<wbr>peeringdb/issues/78</a> ).</div><div><br></div><div>I was wondering what would be the best way to do this - should I sync and host my own copy of the API, or are you OK with having random calls to the API from webapps? </div><span class="HOEnZb"><font color="#888888"><div><br></div><div>/Ruairi</div></font></span></div>
<br>______________________________<wbr>_________________<br>
Pdb-tech mailing list<br>
<a href="mailto:Pdb-tech@lists.peeringdb.com">Pdb-tech@lists.peeringdb.com</a><br>
<a href="http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech" rel="noreferrer" target="_blank">http://lists.peeringdb.com/<wbr>cgi-bin/mailman/listinfo/pdb-<wbr>tech</a><br>
<br></blockquote></div><br></div></div>