CORS using admin api from electron app (Obsidian)

Hi! I’d like to be able to use the AdminAPI client library to be able to create and edit posts from my Obsidian vault (electron-based markdown note taking app).

I am working on a plugin for Obsidian to do just this. Any user who wants to use the plugin would have to enter their own API key into the plugin settings cache.

here is my repo for the plugin, specifically the instantiation of the GhostAdminApiClient

but I am unable to POST or PUT a post to my ghost site because of a CORS error

Access to XMLHttpRequest at ‘https://{myGhostUrl}/ghost/api/admin/posts/{postId}/?source=html’ from origin ‘app://’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have read and understand that this admin api should not be used in a front-end client setting as to now expose the admin API key and capabilities but in this case since the user is entering their own key and not exposing it elsewhere I’m wondering if there’s a way I can work around this restriction? I haven’t found anything in my own searching…

This is a problem with a setting on the server side. Where are you hosting Ghost? I have a product that successfully makes calls from the web browser, both to self hosted and Ghost Pro, so it’s doable!

oh, that’s good to hear – I’m self-hosted!