Closed sebdey closed 7 years ago
This will be fixed in the next days via adding the header:
Access-Control-Expose-Headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Credits
Hi Had this fix been released? Thanks
Hmmh, it should have been but does not look so. Will investigate.
We set Access-Control-Expose-Headers only if the http method is "options", which should make it working on all recent browsers. If you had a problem with this, would you mind to let me know your browser version etc?
Tested on latest Chrome and Mozilla on Windows, Ubuntu and Android and it does not work. Why only set the header on OPTIONS? It should be on GET too. Whether it works or not can be easily tested with one click (replace MY-KEY with valid key): http://www.test-cors.org/#?client_method=GET&client_credentials=false&server_url=https%3A%2F%2Fgraphhopper.com%2Fapi%2F1%2Froute%3Fpoint%3D43.2301414%2C5.4369798%26point%3D43.23088361474902%2C5.43874740600586%26point%3D43.23150897353908%2C5.442867279052735%26point%3D43.23113375903503%2C5.444755554199219%26instructions%3Dtrue%26type%3Djson%26key%3DMY-KEY%26vehicle%3Dfoot&server_enable=true&server_status=200&server_credentials=false&server_tabs=remote
Strange, a customer requested this and tested this with the same website and it worked for them. Will have to read more what the correct procedure would be.
Sorry, was confusing Access-Control-Allow-Headers (only for preflight query) and Access-Control-Expose-Headers. Will fix
Fixed
After email exchange with Peter K, it seems like using the response header of every response (not only the errors, see https://graphhopper.com/api/1/docs/#http-error-codes) to determine the remaining credits is currently not working as the headers are not properly set.
Example:
The request: https://graphhopper.com/api/1/route?point=46.43762,6.90974&point=46.44818785131702,6.873624015034138&instructions=false&type=json&key=[some_key]&vehicle=foot&elevation=true
The response's headers HTTP/1.1 200 OK Server: nginx Date: Wed, 23 Dec 2015 09:24:13 GMT Content-Type: application/json;charset=utf-8 Content-Length: 714 Connection: keep-alive Access-Control-Allow-Origin: * X-RateLimit-Limit: 500 X-RateLimit-Remaining: 480 X-RateLimit-Reset: 17008 X-RateLimit-Credits: 1 Strict-Transport-Security: max-age=31536000; includeSubDomains;
By looking at Firebug's logs, it seems that the Access-Control-Expose-Headers key is not set in the response header (whereas the Access-Control-Allow-Origin is indeed set to 'widlcard').