iccowan
commented
2 years ago @andreas-paul I'm glad you're looking at using my API! My apologies on the delayed response.
Have you been able to find a solution for this problem? I did some research, and this is built in by PHP to prevent CSRF attacks. This is not something that can be turned off for that reason. It would be best to see if there's some way to prevent the call from having a cross origin like this in MSFS.
I am planning on rebuilding the API at some point soon, so a feature I would consider adding is having a way to make a call and request METAR information being generated and placed in a file, then that file is accessible for 10 seconds or so. If I'm thinking correctly, that should get around that error (it's just like navigating to the webpage and then accessing a file). If this would be a viable solution, I'd be more than happy to consider making this enhancement.
andreas-paul
Hi there!
I'm developing a small tool for MSFS to request METARs from within the game, and I found your API, which is great!
The tool basically uses HTML and JS to perform GET requests to the API using the FETCH functionality. Since these request are done as localhost from within MSFS, and MSFS seems to use a browser internally, the request first sends a HEADERS OPTIONS request to your API. The response from your server does not seem to allow requests from localhost, and I get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error. Using a local proxy works just fine, also from within MSFS (using https://www.npmjs.com/package/local-cors-proxy).
So my questions is if this intentional, or if there is a way to allow requests from MSFS? :)