[annotator-dev] Annotator store flask

Nick Stenning nick at whiteink.com
Sun Apr 29 16:36:37 UTC 2012

On Sat, Apr 28, 2012 at 06:39, johnny jiang <johnny.nan.jiang at gmail.com> wrote:
> XMLHttpRequest cannot load http://www.cxware.net:5000/annotations. Request
> header field x-annotator-auth-token-issue-time is not allowed by
> Access-Control-Allow-Headers.

Hi Johnny,

This is a Cross-Origin Resource Sharing (CORS) error. Annotator uses
CORS in order to be able to communicate with the backend across

In particular, this error implies that your backend isn't sending the
headers it needs to in order to let the browser know that the
cross-origin requests it's making are allowed. You can find out which
headers you need to set by looking at the `after_request` hook in the
reference annotator-store:


That said, from the looks of your error, you may well be sending the
right headers at the backend but using an outdated version of the
Annotator Auth plugin. Support for the
"X-Annotator-Auth-Token-Issue-Time" header was removed in version
0.7.0 of the Annotator Store and version 1.2.0 of the Annotator.

Hope that sets you off in the right direction.

Best wishes,

More information about the annotator-dev mailing list