CORS Blocking with /topictree endpoint

[jb-1980]

Last time (maybe a month ago) I tried my app at https://jb-1980.github.io/khan-video-linker/ was working fine, but as I am trying to use it this morning I am getting an error indicating the data is blocked because of CORS. Did you recently update the /topictree endpoint?

If we visit the url to fetch exercises, http://www.khanacademy.org/api/v1/exercises, this is what I see in the response headers:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
...

Looking at the response headers for https://www.khanacademy.org/api/v1/topictree?kind=Video we see:

content-encoding: gzip
content-type: text/html;charset=utf-8
date: Wed, 22 May 2019 13:19:50 GMT
server: Jetty(9.4.z-SNAPSHOT)
status: 200
vary: Accept-Encoding
via: 1.1 google

There is no Access-Control-Allow-Origin header. I can't say that there was, but I can say that my app was working last time I needed it and now it isn't. And that setting Allow-Control-Allow-Origin on the server is the way to resolve the CORS issue.

So the only way I can see for me to resolve the issue is if you can fix the headers on the server, or I can set up a proxy server. But setting up a proxy server seems like overkill for this project.

So pretty please, can you add the appropriate headers? I would be ever so grateful.

[tomyedwab]

Thank you for reporting this. We are tracking this as a bug and will update this ticket when it is fixed.

[jb-1980]

Hello, any update on this? I am currently using a proxy server. But it is in a free sandbox that takes 30s to spin up, and being able to access this with fetch from the browser would be really nice.

[bsmarsh333]

Also experiencing the same problem. Impacting our teachers and students.