producthunt / producthunt-api

Product Hunt API

Client only authentication returns 404 (on preflight request) #70

Closed m00s closed 7 years ago

m00s commented 8 years ago

Hi guys, I'm playing with your public api and following this API doc I get 404 on the preflight OPTION request.

I tried from localhost, 127.0.0.1 and with a ngrok tunnel, so I don't think it's related to a server side CORS origin restriction.

This is the code I'm using, I tried also with other frameworks (just to be sure it is not related to ng2 that is still in alpha). Headers are sent and the client id/secret are taken from the application I created from the dashboard.

Is there something else I'm missing?

andreasklinger commented 8 years ago

The error message you receive is a clean 404 or any error messages attached?

m00s commented 8 years ago

From the server nothing, from the console the canonic: XMLHttpRequest cannot load https://api.producthunt.com/v1/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 404.

andreasklinger commented 8 years ago

Ok i think i see the issue

CORS expects the token to be present in the header which is a catch 22 with the client only token

i will allow the /v1/oauth/token endpoint w/o the token

Thanks for the bug report i will see if i can get this live during the weekend - if not monday

m00s commented 8 years ago

Awesome, thanks!

andreasklinger commented 8 years ago

just to make sure i dont bark up the wrong tree

can you try connecting to your server w/ some domain

eg add dev.foobar.com 127.0.0.1 to your /etc/hosts

browsers treat localhost a bit special from my understanding

andreasklinger commented 8 years ago

Rethinking this w/ coffee in my head

The error No 'Access-Control-Allow-Origin' header is present does not sound correct - we allow it for all v1/* requests.

Your 404 is from the preflight. From my understanding preflight is before the actual payload - no body/no tokens etc - just an options request

Can you quickly test the localhost change - if this doesnt help i will finish my coffee + actually debug this ;)

m00s commented 8 years ago

yeah I know about chrome's restriction on localhost so I tried before and retried now, no luck

jschuur commented 8 years ago

Any update on this? I think I'm having the same problem, with a small code sample I'm trying out using client only auth: https://gist.github.com/jschuur/5d30d05be225c598acde

Works in Chrome, either under localhost or even an /etc/hosts alias. Doesn't work in Safari. Doesn't work in Chrome or Mobile Safari under iOS though.

Is there any workaround here, or do I need to use full user based authentication?

Update: I even went through the user auth process and got a token for my PH account and the results were the same: Works in Chrome on the desktop, but not in Safari. For the latter, I get

[Error] Failed to load resource: the server responded with a status of 404 (Not Found) (posts, line 0)
[Error] Failed to load resource: Origin http://192.168.0.2:3000 is not allowed by Access-Control-Allow-Origin. (posts, line 0)
[Error] XMLHttpRequest cannot load https://api.producthunt.com/v1/posts. Origin http://192.168.0.2:3000 is not allowed by Access-Control-Allow-Origin.

ghost commented 8 years ago

I am facing the same problem as @jschuur

merraysy commented 8 years ago

any updates? @m00s @jschuur @andreasklinger

andreasklinger commented 8 years ago

unfort. currently not supported

best to do is add a simple proxy app somewhere

we will support it at some point but atm not the time - focusing on other stuff

sorry i aint got better news
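
The preflight behaviour discussed in this thread, as an added example that is not part of the thread and is not Product Hunt's server code: a browser's OPTIONS preflight never carries an Authorization header, so a token check that runs ahead of CORS handling rejects it without `Access-Control-Allow-Origin`. The handler names, the origin allow-list, the token check and the 404 used for the rejected case are assumptions for illustration.

```javascript
// Added illustration; not Product Hunt's code. All names here are hypothetical.
const ALLOWED_ORIGINS = new Set(['http://localhost:3000']); // constructed sample

// Echo the origin only when it is on the allow-list (no wildcard reflection).
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Stand-in token check: only looks for a non-empty bearer token.
function hasToken(req) {
  const auth = req.headers['authorization'] || '';
  return auth.startsWith('Bearer ') && auth.length > 'Bearer '.length;
}

// Preflight is answered before any token check; real requests still need a token.
function corsFirst(req) {
  const cors = corsHeaders(req.headers['origin']);
  if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
    if (!cors['Access-Control-Allow-Origin']) return { status: 403, headers: {} };
    return { status: 204, headers: { ...cors,
      'Access-Control-Allow-Methods': 'GET, POST',
      'Access-Control-Allow-Headers': 'authorization, content-type',
      'Access-Control-Max-Age': '600' } };
  }
  if (!hasToken(req)) return { status: 401, headers: cors };
  return { status: 200, headers: cors };
}

// Broken ordering: the token check runs first, so the token-less preflight is
// rejected with no CORS headers (modelled as a bare 404, an assumption that
// matches the symptom in the report).
function authFirst(req) {
  if (!hasToken(req)) return { status: 404, headers: {} };
  return corsFirst(req);
}

// Constructed preflight, shaped like what a browser sends before a POST.
const samplePreflight = { method: 'OPTIONS', headers: {
  'origin': 'http://localhost:3000',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'authorization' } };

console.log('auth first:', authFirst(samplePreflight).status);
console.log('cors first:', corsFirst(samplePreflight).status);
```
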