WHM API CORS

Berenger Z

• November 07, 2019 10:55

Hi! I am already using the WHM and cPanel APIs through some PHP, and we are looking into something more flexible through react/JS. I have been looking into basic node libraries, like vially/cpanel-lib or claude-abounegm/cpanel-rest-api, BUT I am quickly hitting a wall: CORS. It seems that the json-api does not send any cors data (Cross-Origin Resource Sharing), authorizing a ressource to access the data. A simple fetch with the correct authorization works, but browsers now refuse to use APIs that don't send appropriate CORS. Question is: How can set appropriate CORS response headers for the JSON-API, authorizing * or just my domain? It seems that the json-api does not use Apache (I do not see any log there from the json-api), right? Again, it is not an issue of token or auth, my calls work in Insomia, shell, or PHP (cURL). It's just about the headers sent by the json-api. Thank you!

• 

  cPanelKenneth

  • November 07, 2019 17:31

  Hi, cPanel & WHM do not provide support for CORS at this time. You are correct that Apache is not used as the web service for cPanel & WHM. We use a custom daemon named cpsrvd. That daemon provides support for X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy, but none of the CORS headers.

  0
• 

  Berenger Z

  • November 07, 2019 17:41

  Alright! Thank you for your detailed reply. No use for such a Node library through the browser then.

  0

Please sign in to leave a comment.