[annotator-dev] Access-Control-Allow-Origin error when using annotateit.org as the annotation store for my app

Rouan Wilsenach rouanw at gmail.com
Mon May 13 07:58:03 UTC 2013

Hi all

I was hoping someone could help me figure out CORS for my app. I'm
using Annotator
1.2.6 with annotateit.org as my backend store. I get the error below when
loading a page that uses annotator.
In Chrome:
XMLHttpRequest cannot load
*<my-uri>*. Origin http://localhost:3000 <http://localhost/> is not allowed
by Access-Control-Allow-Origin.

In Firefox the error is less descriptive:
"NetworkError: 500 Internal Server Error -

I've tried this on localhost, using http://lvh.me and on my staging
environment - all with the same results.

My javascript looks something like this:

jQuery(function ($) {
> $('.annotated-content').annotator()
> .annotator('setupPlugins', {}, {
>                    Tags: false,
>                    Filter: false,
>                    Auth: {tokenUrl: '/auth/token'}
>                  });
> });

And I've implemented the auth/token endpoint like this (Rails):

  def token
> render :json => JWT.encode({
>     :consumerKey => CONSUMER_KEY,
>     :userId => session[:user_id],
>     :issuedAt => Time.now.utc.iso8601,
>     :ttl => CONSUMER_TTL
>   end

>From what I can tell, the annotator store is doing what it's meant to do in
terms of allowing cross-domain requests, in the after_request of store.py,
where the '/search' action lives (

Any ideas for what I can try to address this or to debug it further?

As an aside - is there a sandbox store available so that I don't have to
hit the real annotateit.org with all my test requests?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20130513/347b69d2/attachment-0001.html>

More information about the annotator-dev mailing list