CORS Error in article API. Potential fix included.

[cswendrowski]

In GitLab by @johnnolan on Sep 18, 2021, 01:24

Clicking the sync button in FoundryVTT for articles causes CORS errors to return from the Article API Endpoint

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at xxxxx (Reason: CORS header 'Access-Control-Allow-Origin' missing)

Using Postman with the same api call I get the same error

curl --location --request GET 'https://www.worldanvil.com/api/aragorn/article/(GUID)?x-application-key=xxx&x-auth-token=xxx

Changing the request from a params to a header gives a success.

curl --location --request GET 'https://www.worldanvil.com/api/aragorn/article/(GUID)' \ --header 'x-application-key: xxx' \ --header 'x-auth-token: xxx'

Would this be solved by changing the folowing lines to use the header instead of params? https://gitlab.com/foundrynet/world-anvil/-/blob/master/module/api.js#L66-67

[cswendrowski]

Hey John, thanks for the report. I'll have to check with Dimitris and the WA team to see if something has changed with the way they require authentication materials to be passed.

[cswendrowski]

In GitLab by @johnnolan on Sep 18, 2021, 13:32

Legend, thank you Andrew, love the module, shout if you need any help testing. John

[cswendrowski]

In GitLab by @adrien.schiehle on Sep 18, 2021, 16:56

Hello, Dimitris is already aware of this problem.

I suspected a problem on WA side, since it occurred just after their CRUD release. I told the WA team what the problem was yesterday morning.

They had the same reaction : See with FVTT why we use authentication tokens as parameters. And with Postman and headers, they also make it works. (The guy I worked with is named SoulLink on discord if it rings a bell)

Dimitris took the problem a little later. I didn't get any feedback yet.

Tried to change the fetch() method inside world-anvil module => Dang! CORS strike back.

In my view, it may come from additional libraries they included on last release.

[cswendrowski]

In GitLab by @adrien.schiehle on Sep 18, 2021, 17:05

In this new version, they released the /category/{id} API, that was missing. We will now be able to build back our category tree on FVTT.

I was eager to make a little upgrade on the WorldAnvilBrowser in fvtt module, but unfortunately, it's one of the requests that are failing.

Requests that are still working:

• /user?application-key=...
• /world/{id}
• /world/{id}/articles

Requests that are now failing:

• /article/{id}
• /category/{id}

[cswendrowski]

In GitLab by @adrien.schiehle on Sep 19, 2021, 08:08

Nevermind what I said on categories.

The following request works :

• /world/{id}/categories

I was able to retrieve categories and use them when displaying WorldAnvilBrowser.

Here is what it looks like :

EDIT: Sorry, I just realized that it hasn't really any link with this Issue name. I sidetracked from subject. But I wanted to share my joy :innocent:. Feel free to delete this post if you think it hinder this issue resolution

[cswendrowski]

No worries @adrien.schiehle - I'm going to keep this issue about the CORS problem and fix for that (although I think the fix will be needed on the WA side).

Let's use a separate issue to explore adding support for the category API!

[cswendrowski]

In GitLab by @adrien.schiehle on Sep 21, 2021, 02:00

:tada: Dimitris made it work!

We can synchronize our articles again !