Open TomCaserta opened 10 years ago
Seconded. This is important.
Any update on this?
fuck you mojang. 5 years later and still this shit
fuck you mojang. 5 years later and still this shit
Well, it's Microsoft now
@github/Mojang U SUCK Can you just allow cross-origin requests? This is getting annoying. There's a "public" API, but other sites cannot use it because you restricted it. Dude, this API is useless if it's not accessible. (I know there's a server-side proxy solution, but that requires a server) Not developer-friendly stuff.
I think the problem is they dunno what happened and what is CORS. Lemme explain:
Browsers has a new CORS restriction where XMLHTTP request cannot get a request from a different origin without special http header (so this is known as cross-origin resource sharing(CORS) restriction). For example, when a client(browser) load a webpage, it send a request from let's say "domainA.com", then domainA returns the webpage content, as well as other resources such as images, audio files, and scripts. XMLHTTP request is a constructor that includes the function(yes, I'm full stack JS developer) to send a http request to a server to get resources and API responses. Becasue of security issue(this security part I don't totally understand), browser doesn't allow XMLHTTP request from other domains, unless CORS is allowed. Let's take the example again, a webpage of domainA.com wants to call an API request to domainB.com, so a XMLHTTP request is sent. As the response goes in, browser evaluates the response for security. As it founds that domainB.com is different domain from domainA.com, it blocks it for whatever reason, and that means no API response. The way to fix it is to (1) Use server-side proxy. Take the example again, webpage of domainA.com send a request to server of domainA.com, and that server is coded to have an API to grab resources from domainB.com, and then send it to the webpage. However, that requires a working API, which means an always active server and that is hard for static website. There comes a solution (2), CORS. With the example again, the browser evaluates the http response when it loads, so that's when it got blocks. If domainB.com can add a tag in header: Access-Control-Allow-Origin:
, which means that any site can get my sources so browser doesn't block https request during response evaluation and cause CORS error
Edit 1: Fix grammar ofc Edit 2: Add how to fix Edit 3: Fix grammar...
Why is it called a Public Api if you cant access it
Guys I found https://api.ashcon.app/mojang/v2/user/Notch, I don't know how reliable it is but it has everything in one request.
Whilst the API is just for retrieving account UUIDs can you please allow cross origin requests from browsers:
http://enable-cors.org/
Thanks,