Closed scotthelm closed 6 years ago
+1 to this. I've hit an issue where I am not in charge of the client and the client respects CORS. My only workaround is proxying.
I am definitely open to adding CORS support and I think it would be a great idea. I don't have a ton of free time right to work on it, but if someone wants to open a pull request I'd be happy to review and merge it.
So I looked into this tonight, and it looks like I added CORS support a couple of years ago in this commit. I'm not sure what it is I'm missing.
the api hosted at https://api.nasa.gov/
doesn't have CORS enabled but the https://mars-photos.herokuapp.com
one does
so instead of using
https://api.nasa.gov/mars-photos/api/v1/rovers/curiosity/photos?sol=1000&api_key=DEMO_KEY
use
https://mars-photos.herokuapp.com/api/v1/rovers/curiosity/photos?sol=1000
it has CORS so you can load it from any domain and you don't need an api key
Thanks for the info. I actually didn't realize that. Unfortunately I don't have much control over what NASA does with their site, but the api.nasa.gov version is just reverse proxied to the mars-photos.herokuapp.com version, so feel free to use whichever serves your purposes.
Are you open to adding CORS support? It would make dealing with the API directly with JavaScript possible. I think this could be accomplished relatively painlessly via the rack-cors gem. I have also found this comment to be very helpful for doing the configuration.
Thanks!