search

buzzsprout / buzzsprout-api

The official documentation for the Buzzsprout API (http://www.buzzsprout.com).
48 stars 11 forks source link

Request for list of episodes blocked by CORS #3

Closed claubatista closed 5 years ago

claubatista commented 5 years ago

Hello, how are you? I tried to make a GET request to the episodes.json endpoint using the browsers fetch API, but I was blocked by CORS.

I wonder if there is a way to work around it.

What I'm trying to do:

fetch ('https://www.buzzsprout.com/api/**********/episodes.json', {
     method: "GET",
     headers: {
         "Authorization": "Token token = *******************"
     }
})
   .then (function (data) {
     console.log (data);
   })
   .catch (function (error) {
     console.error (error)
   });

The error I'm getting:

Access to fetch at 'https://www.buzzsprout.com/api/*******/episodes.json' from origin 'https://www.google.com' has been blocked by CORS policy: Response Access-Control-Allow-Origin header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
VM62: 11 TypeError: Failed to fetch

Thanks. :)

johnlpollard commented 5 years ago

Sorry for the delay, I'm going to look at opening this up. I'll let you know once it's deployed.

johnlpollard commented 5 years ago

Can you try it now and let me know if it works for you?

claubatista commented 5 years ago

I tested it and it is working.

Thank you so much :)

emanuallan commented 4 years ago

I'm also having a similar issue

Access to XMLHttpRequest at 'https://www.buzzsprout.com/api/xxxxxx/episodes.json?api_token=xxxxxxxxxx' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

may also need to add another origin in the future.

Thanks!!

johnloringpollard commented 4 years ago

Hmm the response.headers['Access-Control-Allow-Origin'] is actually the only header we set to allow for CORS and its set as a wildcard on every API request.

Can you send me your code to reproduce?

emanuallan commented 4 years ago

There was a typo in my API Key, sorry about that. Fixed!

morrilet commented 4 years ago

It seems that this issue may be popping up again. I'm getting an error with preflight requests when running the code in the original issue description. Everything seems to work when passing my token as a URL parameter, but putting it in the headers triggers a preflight check that 404's and stops the actual request from going through.

Is the OPTIONS method also set to allow cross-origin requests?

johnloringpollard commented 4 years ago

@claubatista Are you sending the API Token in the headers or as a parameter?

claubatista commented 4 years ago

Hello, so I am sending it as a GET parameter on the URL

https://www.buzzsprout.com/api/<id>/episodes.json?api_token=<token>

johnloringpollard commented 4 years ago

@morrilet Can you try again now?

morrilet commented 4 years ago

Yep - that appears to have done it! Thanks for the speedy turn-around.

rsd-earl commented 1 year ago

I'm having the same issue working locally and getting bad credentials using Postman