[mythtv-users] Web interface scalability issue: Video Gallery

Bill Meek keemllib at gmail.com
Mon Sep 11 23:04:45 UTC 2023 

On Monday 11 September 2023 12:13:11 PM (-05:00), Paul Harrison wrote:

 > On 11/09/2023 17:27, Peter Bennett wrote:
 > 
 > >
 > > On 9/11/23 11:49, Mike Perkins wrote:
 > >> On 11/09/2023 14:03, Peter Bennett wrote:
 > >>>
 > >>> To configure a slave backend, you have to connect to the backend you 
are configuring, as in http://slave:6544. Nothing special is built into the 
APIs. The web app reads the settings and compares the Master server name 
against the host name to determine if this is a slave backend.
 > >>>
 > >>> I found that when you are running the web app from one backend you 
cannot use an API on another backend, the browser prevents it. This makes 
sense as otherwise a web page from the internet could access APIs on your 
internal network. There are probably ways to allow it, but I did not go 
into that.
 > >>>
 > >> Could I ask you to clarify that, for someone not in the development 
loop?
 > > Sorry, I did not describe it very well. What I am saying is if you run 
the web app from backend A, that web app page can call APIs on backend A 
but it cannot call APIs on backend B. Other applications can call the API 
on backend A or B. This restriction is only in the web app or other web 
apps, not in programs running on your server.
 > >>
 > >> Do you mean, use an API to backend B while your browser (presumably 
on a third host) is accessing the webapp on backend A?
 > > No, sorry for the confusion.
 > >>
 > >> Or do you mean that while your browser is accessing the webapp on 
backend A /nobody/ can use the API on any host?
 > >>
 > > No. Anybody else can call the API, only the web app is restricted.
 > >
 > > Peter
 > >
 > >
 > 
 > I've come across something similar before if I'm not mistaken it's 
something called CORS or Cross Origin Resource Sharing which most modern 
browsers block by default for security reasons. There are browser addons to 
allow CORS but we don't really want to go down that route.
 > 
 > 
 > I'd have to defer to someone more knowledgeable than me about the 
problem to suggest how best to avoid or work around the problem.
 > 
 > 
 > Paul H.

If -v http is set (or mythbackend --setverbose http is used), and it's 
CORS, a
message like this may be logged:

   ... "Disallowing CORS for origin: '%1'" (or Allowing if it's OK)
-- 
Bill

More information about the mythtv-users mailing list