Hyperlinks and CORS

A hyperlink in my dashboard uses a webCoRe external execution URL to fire off a piston. This works fine except the dashboard reports “HTTP GET failed” when I use the tile with that hyperlink. Upon investigating, I saw a CORS error in the JavaScript log. My browser is unhappy with executing code from a remote website that makes a network connection to a third party site – for good reason.

Rather than making all SharpTools users run CORS-defeating plugins on every browser on every device with which they access their dashboards (assuming they’re so universally available) , I was thinking that SharpTools could either add a “Access-Control-Allow-Origin: *.api.smartthings.com” (I think I’ve got that right) header to the dashboard or just give the option to suppress the error, at least for CORS policy errors.

Or is there a better solution?


You’re on the right track. :slightly_smiling_face: It’s WebCoRE (or SmartThings in this case since they host it) that would need to add the CORS header to the response though.

Internally, we’ve also discussed adding an option to the special REST API Hyperlink syntax that would allow you to route the request through our servers which is another approach to work around CORS errors.