Closed xanderio closed 3 years ago
Since the API is not intended to build a new frontend on a foreign domain, this is not needed in my opinion.
Maybe this is just a communication problem. What is the use case this API is intended for?
Without this header no interaction with the Traewelling API is possible from any browser what so ever.
In case the API is not indented for browser usage. Could you please explain your reasoning?
Describe the bug When sending a request to the official traewelling instance at https://traewelling.de/api/. The CORS header
Access-Control-Allow-Origin
isn't set in the response with causes the browser to block the request. This make it impossible to create any kind of third party web app.To Reproduce Steps to reproduce the behavior:
OPTION
request to any API endpointcurl -i https://traewelling.de/api/v0/auth/login -X OPTIONS
Access-Control-Allow-Origin
headerExpected behavior The
Access-Control-Allow-Origin
being set to*
for all API endpoints.Desktop (please complete the following information):