MrKrisKrisu
commented
3 years ago Since the API is not intended to build a new frontend on a foreign domain, this is not needed in my opinion.
Closed xanderio closed 3 years ago
MrKrisKrisu
commented
3 years ago Since the API is not intended to build a new frontend on a foreign domain, this is not needed in my opinion.
xanderio
commented
3 years ago Maybe this is just a communication problem. What is the use case this API is intended for?
Without this header no interaction with the Traewelling API is possible from any browser what so ever.
In case the API is not indented for browser usage. Could you please explain your reasoning?
Describe the bug When sending a request to the official traewelling instance at https://traewelling.de/api/. The CORS header
Access-Control-Allow-Originisn't set in the response with causes the browser to block the request. This make it impossible to create any kind of third party web app.To Reproduce Steps to reproduce the behavior:
OPTIONrequest to any API endpointcurl -i https://traewelling.de/api/v0/auth/login -X OPTIONSAccess-Control-Allow-OriginheaderExpected behavior The
Access-Control-Allow-Originbeing set to*for all API endpoints.Desktop (please complete the following information):