Open markleiber opened 9 years ago
A big :+1: to enabling CORS. Our team included a requirement for CORS (and specifically CORS but not JSONP) in our API Standards. There's a bit more information there, as well as in the related issue thread.
Enabling CORS on USDA's end will enable 3rd party mashups much, much more easily and if you want USDA data to be re-used by more people, this will do a lot to help that.
cc: @konklone, @adelevie, @seanherron, @benbalter.
We've enabled CORS (Access-Control-Allow-Origin:*) for the Nutrient Database API. Sorry for overlooking this! Gary
This seems more or less fixed. I can get the search results from the API using CORS, if I use a search term that returns a result, e.g. searching for "whiskey":
http://api.nal.usda.gov/ndb/search/?format=json&q=whiskey&max=50&offset=0&api_key=APIKEY
However, when I search for a term that wouldn't return a result (e.g. 'whiskers'), I get the following error in my browser:
XMLHttpRequest cannot load http://api.nal.usda.gov/ndb/search/?format=json&q=whiskers&max=50&offset=0&api_key=APIKEY. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my.local.domain' is therefore not allowed access. The response had HTTP status code 404.
However, I would expect a response like the one I get in Postman, which is a JSON object with, among other properties, a message stating "Your search resulted in zero results.Change your parameters and try again".
I receive an error message in Firefox and Chrome like this: { "errors": { "error": [ { "status": 400, "parameter": "results", "message": "Your search resulted in zero results.Change your parameters and try again" } ] } }
However the 404 response is incorrect. IMO, it should be 200 since correctly formed JSON (or XML) is returned.
Would you consider adding an "Access-Control-Allow-Origin:*" header or adding support for jsonp requests to allow ajax requests to your APIs?