Hi there,

I would like to use the API in mailcow to create a mailbox. If I send off a request I am keep getting the following error:

“Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

I know this is a cross domain issue, therefor I have adapted the settings in

/opt/mailcow-dockerized/data/conf/nginx/site.conf

server {
root /web;
listen 80 default_server;
listen [::]:80 default_server;
include /etc/nginx/conf.d/server_name.active;
if ( $request_uri ~* “%0A|%0D” ) { return 403; }
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type “text/plain”;
}

location /.well-known/host-meta {
default_type ‘application/json’;
add_header Access-Control-Allow-Origin ‘*’ always;
}

location / {
return 301 https://$host$uri$is_args$args;
}
}

server_tokens off;
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;

// file end

Anyway it doesn’t work!!! Can someone please tell me, how to allow posts from another server?

Regards

Kiwi

  • Hello diekuh,

    I guess you don’t know what I mean, so we aren’t on the same page. Anyway, I developed my own api, now I can access.
    THX

    Kiwi

  • diekuh

    • Community Hero
    • volunteer
    Moolevel 110
  • Post #2

You can use the API from all remote locations. There is no such limitation from our side. As long as you use the correct API key and allow your IP, it works fine.

Have something to say?

Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

Hi,

thx for the reply. The API call only works, as long as I am using the “Allow CORS: Access-Control-Allow-Origin” plugin in my Chrome browser. As soon as I deactivate it, I am getting this: (Reason: CORS header “Access-Control-Allow-Origin” missing).

You have to set this either in nginx, or directly in the programming code! Where can I set this? For instance in nodejs I would handle it like this:
var cors = require(‘cors’)
app.use(cors())

Sending an ajax request from one domain to another without setting Access-Control-Allow-Origin, would be a security issue. Therefore it’s blocked. So does anyone know how to allow this in mailcow???

Regards

Kiwi

  • diekuh

    • Community Hero
    • volunteer
    Moolevel 110
  • Post #4

I can curl the API from anywhere. I don’t understand your problem.

You cannot post from another website via JS etc. - yes.

Hello diekuh,

I guess you don’t know what I mean, so we aren’t on the same page. Anyway, I developed my own api, now I can access.
THX

Kiwi

  • diekuh

    • Community Hero
    • volunteer
    Moolevel 110
  • Post #6

Ah, okay. Great you solved it. 🙂

No one is typing