Onshape REST API using JavaScript

gary_clough057

We are using the Onshape REST Api to extract data from Onshape.  We have this working using C# as well as Node.js, but I would like to do the same from client-side javascript.  Everything is in place using Ajax and I've verified all authorization headers are correct.  My problem is currently with the  "Date" header throwing the error: Refused to set unsafe header "Date".
. 
Is this even possible or has anyone accomplished this?

Thanks for any help...
-Gary

jakeramsley

Can you give a little context why you want to use a Date header for a client request call?

awk

The browser prevents javascript from setting a number of headers as a mechanism to stop forms of Cross Site Scripting and/or replay attacks from a compromised client. There is no work-around to avoid the browser if you're trying to set some header values from javascript in the browser.

I'd echo Jake's point too - why do you need to set the Dates header on a REST API call? I can't think of any of our APIs that are particularly specific to the Date header. Furthermore we expect the REST API calls to be made from a server context and not directly from a browser.

gary_clough057

Thank you for your replies... Based on the sample code from GitHub demonstrating the usage of the API Key ( https://github.com/onshape-public/apikey ) I was under the impression it was required.  I tried removing it from the Node.js example and I got a 401 unathorized.  Here are the Headers that are working with the Node.js and C# implementations:

    headers['On-Nonce'] = onNonce;

    headers['Date'] = authDate;

    headers['Authorization'] = asign;

    headers['Accept'] = 'application/vnd.onshape.v1+json';

Thanks again for the help.