Curiosity manifest - No "Access-Control-Allow-Origin" header

[frankiescott]

I'm trying to query the manifest for curiosity to retrieve the max earth date for which photos exist. when I enter https://api.nasa.gov/mars-photos/api/v1/manifests/curiosity?api_key=DEMO_KEY into my browser, I get the JSON response as expected. when making a request through js, I get this error:

Failed to load https://api.nasa.gov/mars-photos/api/v1/manifests/curiosity?api_key=DEMO_KEY: No 
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not 
allowed access.`

I'm new to this, not exactly sure what it means!

[qwazwsx]

as described in #28

Unfortunately I don't have much control over what NASA does with their site, but the api.nasa.gov version is just reverse proxied to the mars-photos.herokuapp.com version, so feel free to use whichever serves your purposes.

use https://mars-photos.herokuapp.com/api/v1/manifests/curiosity instead. It both has Access-Control-Allow-Origin header set to and doesn't require an API key*

all of the endpoints are the same just substitute https://api.nasa.gov/mars-photos/ with https://mars-photos.herokuapp.com/

sidenote:

Access-Control-Allow-Origin is a header sent on requests that specify what domains the request can be initiated from. In this case, the header is set to only nasa.gov. This header is only a suggestion though, browsers follow it for security purposes, but for example curl or wget don't have to. If you set this header to * it allows the request to be initiated from anywhere. You can read more about it here

edit: pull request #72 made to readme to clarify this

[frankiescott]

thanks @qwazwsx I will give that a try. the API seems to be down at the moment but I appreciate the reply and apologize that this has already been covered previously.