Allow access to webserver API from other locations
I'm playing around with the newly released Stream Deck SDK, and am trying to make a Stream Deck plugin that allows sending and receiving actions and data via the web interface.
This works ok for sending actions from the Stream Deck, but for receiving data - in this case a GET/EXTSTATE/key/value request - I run into problems because of the servers cross-origin policy. I get this error:
"No 'Access-Control-Allow-Origin' header is present on the requested resource"
The problem is basically that the Stream Deck runs it's plugin on it's own webserver - that is also on localhost, but on a different port.
Opening up for all cross-origin access is probably a security no-no, but how about the common solution of requiring an API key to be sent with a request?
Alternatively it could be solved if you for a web control surface entry could specify specific ports (or port ranges) on localhost that would be allowed access.
It would be super nice to be able to have a Stream Deck act as a Reaper control surface, and specifically being able to change its layout based on Reapers cursor context, so a solution for this would be most welcome.
|