graphhopper / directions-api

Issues for the GraphHopper Directions API
https://graphhopper.com/api/1/docs/

Remaining credits for 'CORS' requests not accessible #22

Closed sebdey closed 7 years ago

sebdey commented 8 years ago

After an email exchange with Peter K, it seems like using the response header of every response (not only the errors, see https://graphhopper.com/api/1/docs/#http-error-codes) to determine the remaining credits is currently not working, as the headers are not properly set.

Example:

The request: https://graphhopper.com/api/1/route?point=46.43762,6.90974&point=46.44818785131702,6.873624015034138&instructions=false&type=json&key=[some_key]&vehicle=foot&elevation=true

The response's headers:

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Dec 2015 09:24:13 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 714
Connection: keep-alive
Access-Control-Allow-Origin: *
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 480
X-RateLimit-Reset: 17008
X-RateLimit-Credits: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains;

By looking at Firebug's logs, it seems that the Access-Control-Expose-Headers key is not set in the response header (whereas the Access-Control-Allow-Origin is indeed set to 'wildcard').

karussell commented 7 years ago

This will be fixed in the next few days by adding the header: Access-Control-Expose-Headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Credits

opoto commented 7 years ago

Hi, has this fix been released? Thanks

karussell commented 7 years ago

Hmmh, it should have been but does not look so. Will investigate.

karussell commented 7 years ago

We set Access-Control-Expose-Headers only if the HTTP method is "options", which should make it work on all recent browsers. If you had a problem with this, would you mind letting me know your browser version etc.?

opoto commented 7 years ago

Tested on latest Chrome and Mozilla on Windows, Ubuntu and Android and it does not work. Why only set the header on OPTIONS? It should be on GET too. Whether it works or not can be easily tested with one click (replace MY-KEY with valid key): http://www.test-cors.org/#?client_method=GET&client_credentials=false&server_url=https%3A%2F%2Fgraphhopper.com%2Fapi%2F1%2Froute%3Fpoint%3D43.2301414%2C5.4369798%26point%3D43.23088361474902%2C5.43874740600586%26point%3D43.23150897353908%2C5.442867279052735%26point%3D43.23113375903503%2C5.444755554199219%26instructions%3Dtrue%26type%3Djson%26key%3DMY-KEY%26vehicle%3Dfoot&server_enable=true&server_status=200&server_credentials=false&server_tabs=remote

karussell commented 7 years ago

Strange, a customer requested this and tested this with the same website and it worked for them. Will have to read more about what the correct procedure would be.

karussell commented 7 years ago

Sorry, was confusing Access-Control-Allow-Headers (only for preflight query) and Access-Control-Expose-Headers. Will fix

karussell commented 7 years ago

Fixed
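
The behaviour this thread converges on, as an added example that is not part of the original issue or of GraphHopper's code: a model of the browser's CORS response-header filtering, applied to the headers quoted in the first comment and to the same response with the proposed Access-Control-Expose-Headers line appended (the second input is constructed). Only the actual GET response is consulted, which is why setting the header on the OPTIONS preflight alone does not make the X-RateLimit-* values readable; the function and constant names are assumptions.

```javascript
// Added illustration (not GraphHopper code): which response headers a
// cross-origin script can read, per the Fetch standard's CORS filtering.
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']); // never readable

// Parse "Name: value" lines into a Map keyed by lower-cased header name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split('\n')) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // skips the status line and blank lines
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// Headers visible to page script on a cross-origin, non-credentialed response.
function readableHeaders(raw) {
  const headers = parseHeaders(raw);
  const exposed = new Set(
    (headers.get('access-control-expose-headers') || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean));
  const exposeAll = exposed.has('*'); // wildcard only counts without credentials
  const visible = {};
  for (const [name, value] of headers) {
    if (FORBIDDEN.has(name)) continue;
    if (SAFELISTED.has(name) || exposeAll || exposed.has(name)) visible[name] = value;
  }
  return visible;
}

// Headers of the GET response quoted in the issue (subset).
const BEFORE = [
  'Content-Type: application/json;charset=utf-8',
  'Access-Control-Allow-Origin: *',
  'X-RateLimit-Limit: 500',
  'X-RateLimit-Remaining: 480',
  'X-RateLimit-Reset: 17008',
  'X-RateLimit-Credits: 1',
].join('\n');
// Constructed: the same response with the header proposed in the thread.
const AFTER = BEFORE + '\nAccess-Control-Expose-Headers: ' +
  'X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Credits';

console.log(Object.keys(readableHeaders(BEFORE)), Object.keys(readableHeaders(AFTER)));
```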