Cross origin AJAX requests blocked

codingbadger / instant-tokens.com

11 stars 0 forks source link

Cross origin AJAX requests blocked #3

Closed antoinelouis closed 4 years ago

antoinelouis commented 4 years ago

I have the following error when I perform an AJAX request:

Access to XMLHttpRequest has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Can you enable cross origin requests?

codingbadger commented 4 years ago

Hi,

CORS is already configured and enabled for GET/OPTIONS. Can you post your code, removing any sensitive information?

Thanks

antoinelouis commented 4 years ago

Thank you for your reply.

I am using the same code snippet used in the wiki section (I removed sensitive information):

           var instantTokenApiUrl = 'https://ig.instant-tokens.com/users/XXX/instagram/XXX'

            $.ajax({
                url: instantTokenApiUrl,
                dataType: 'json'
            })
                .done(function (response) {

                    if (!response.Token) {
                        console.log('Error :: ', response);
                    } else {
                        var feed = new Instafeed({
                            accessToken: response.Token
                        });
                        feed.run();
                    }
                });

Error in the javascript console:

Access to XMLHttpRequest at 'https://ig.instant-tokens.com/users/...' from origin 'XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://ig.instant-tokens.com/users/XXX net::ERR_FAILED

codingbadger commented 4 years ago

Is that the actual url you are using? If so it looks incorrect, you should be using something along the lines of https://ig.instant-tokens.com/users/XXX/instagram/XXX/token?userSecret=XXXX

antoinelouis commented 4 years ago

The URL I use is correct, everything is working fine when I bypass the cross origin restriction on safari developer settings. Rest of the time the request is blocked and I have the error on the console.

antoinelouis commented 4 years ago

In the meantime I tried the second technique you just implemented with the external JS file, which worked nicely. I'll leave the issue open for now.

codingbadger commented 4 years ago

Glad that it is working using the JS File. Have you tried explicitly setting the Access-Control-Allow-Headers on the request?

codingbadger commented 4 years ago

Closing due to inactivity