Device API Access-Control-Allow-Origin


I am trying to make the Device api work with HTML and Javascript but cors is blocking me from doing api call with Javascript. When i open the dev tools I get the error that origin form ‘null’ has been blocked because the Access-Control-Allow-Origin header is not present on the requested resource.

So I setup a local webserver using nginx and set the Access-Control-Allow-Origin to * as instructed here: and it worked fine.

I also tested it with the InControl2 api and these have the Access-Control-Allow-Origin so it also worked fine.

So I was hoping i you could implement the Access-Control-Allow-Origin header on the device webserver so I can use the device api with Javascipt. I can work around it by disabling some security options in chrome but I rather not do that.

Kind regards,

Dylan van Elst

Hello there,

Is there any improvements about that ?

Best Regards,

Samuel, Careprod Dev Team


Its been a while since I touched the API but to test the API in chrome I think I started chrome with these parameters to disable security and then it works just fine:

chrome.exe --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp

I believe I had no issues using Electron.
Also postman is a great way to see what the API outputs.

Kind regards,