[Zwerver]

I'm writing a JavaScript client to collect movie lists from different (website) resources, but I'm unable to use the API of Kodi because of CORS rules. It's a GET request, and pasting the url in my browser works fine. Using the url in a JavaScript application to fetch results doesn't work:

Access to fetch at 'http://192.168.0.140:8080/jsonrpc?request=%7B%22jsonrpc%22%3A%222.0%22%2C%22params%22%3A%7B%22sort%22%3A%7B%22order%22%3A%22ascending%22%2C%22method%22%3A%22title%22%7D%2C%22properties%22%3A%5B%22title%22%2C%22art%22%2C%22file%22%5D%7D%2C%22method%22%3A%22VideoLibrary.GetMovies%22%2C%22id%22%3A%22libMovies%22%7D' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.:

In the Kodi settings "Allow remote control by programs on this system" is enabled
In the Kodi settings "Allow remote control by programs on other systems" is enabled (probably not needed, just to be sure)
Using JSON-RPC with HTTP GET has the same error
Using JSON-RPC with HTTP POST has the same error
Using JSON-RPC with an (outdated) winsocket library (https://www.npmjs.com/package/kodi-ws) has (roughly) the same error
I also examined some opensource projects but those were for mobile use (different security requirements) or outdated.

It's clear what the problem is, but I'm unable to find a client sided solution. It appears the problem is server-side. After a six hour search I'm a bit lost. But I'm quite certain I'm not the only person on this planet trying to use the JSON-RPC interface

What am I doing wrong?

[Zwerver]

The error message seems missing, so here it is:

Access to fetch at 'http://192.168.0.140:8080/jsonrpc?request=%7B%22jsonrpc%22%3A%222.0%22%2C%22params%22%3A%7B%22sort%22%3A%7B%22order%22%3A%22ascending%22%2C%22method%22%3A%22title%22%7D%2C%22properties%22%3A%5B%22title%22%2C%22art%22%2C%22file%22%5D%7D%2C%22method%22%3A%22VideoLibrary.GetMovies%22%2C%22id%22%3A%22libMovies%22%7D' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[Zwerver]

(bump) It appears to be very difficult given the amount of responses on this threat :-)

[Zwerver]

Someone coded the solution for this problem and there is a pull request for it! https://github.com/xbmc/xbmc/pull/12252 :-)
Nobody merged this code for more than a year though... :-(

The API is broken, this community is obviously dead and I'm stuck. My work-around is using a MariaDB storage and access the data directly.

Bye