datarightsfinder / website

Find, understand and use information from privacy notices
https://datarightsfinder.org
MIT License

Enable CORS on API endpoint routes #54

Closed ihutc closed 6 years ago

ihutc commented 6 years ago

CORS is a security feature that stops a website from making a request to get data from a URL if that URL is not on the same domain as the requesting website. This is a good security feature, but it stops third-party websites from requesting data from DRF, particularly if the website uses React or jQuery.

To fix this, I've used the cors Node library to make an exception to the API endpoint addresses, so they can be requested by third party websites.

tomstuart commented 6 years ago

I’ve run into a problem with this, which is that the URLs that come from /api/1/all (e.g. https://datarightsfinder.org/organisation/gb/03849958.json) redirect to a different hostname (e.g. https://www.datarightsfinder.org/organisation/gb/03849958.json). The redirect is presumably being done by nginx, so it doesn’t include a CORS header, which prevents the request from succeeding when it’s made by client-side JS.