UM3 API and CORS

[frejete 0]

Hello,

I wanted to write a quick dashboard that would show the video feed, the loaded materials and the printer status (free, printing with completion percentage, need to remove the finished print) for our Ultimaker 3 printer at the office so that everyone can see at a glance what's up without standing up from their desk or launching Cura.

This would be pretty simple with a simple HTML and Javascript webpage but I can't call the API because of CORS restrictions. I don't really want to install a server with a server side script to proxy my calls to the API.

Would it be possible to add unrestricted CORS headers to the API server

Access-Control-Allow-Origin: *

, or have JSONP support?

[robinmdh 100]

hi frejete,

All the read information requests should not be locked down or require authentication.

So a pure information page can be done easily.

Changing things about the printer will require authentication though.

We'll want something like this for ourselves as well but then having some login would still be required, we don't want to make an inherently unsecure machine, like some internet of things machines are these days.

Besides that you can even use the username password prompt you get right now with proper authentication data if you want to... (requires some Linux knowledge or python scripting).

your browser can save it for you even if it is some unreadable string...

[Daid 306]

CORS with * disables all authentication, and thus breaks our authentication implementation. We could set it for pages that do not require authentication, but that gets a bit more complex pretty fast.

However, maybe a better deal for all of us. We currently don't have a dashboard implementation scheduled yet. But I do want a landing page. So I wouldn't mind including your dashboard implementation in the next firmware release as just the default landing page.

[Tomhe 21]

A screen with the temperature graph, camera feed, printer status and maybe log data would be ideal. Especially when you have multiple printers that are not close to your desk. All of these things are now scattered over multiple pages and cura.

[BHPO-AR 0]

I'm also trying to build a dashboard, in SharePoint, so I don't have the ability to enable CORS on the server. It would be great if the API had the ability to return JSONP to get around this.

[coderforlife 0]

There is a way to add CORS support to the printer without breaking authentication. You do not need to respond with the

Access-Control-Allow-Origin : *

header instead you can reply with an Access-Control-Allow-Origin header that copies the request Origin (which will always be provided if it matters for CORS). I added the following code to /usr/share/griffin/griffin/interface/http/server.py and it now allows CORS:

# At the end of __init__:

        # Add CORS support
        self.after_request(Server.allow_cors)

# At the end of Server:

    @staticmethod                                           
    def allow_cors(response):                                    
        if "Origin" in flask.request.headers:                                                                                
            response.headers["Access-Control-Allow-Origin"] = flask.request.headers["Origin"]
            response.headers["Vary"] = "Origin"
        return response                              

Then you have to restart the HTTP server with 

systemctl restart griffin.interface.http

or just restart the machine.

 

It would be nice if this showed up in the next firmware update so we don't have to go into developer mode to do it.