API call returns error despite status code 200

geoffdavis92 commented 7 years ago

I'm getting a 'Access-Control-Allow-Origin' header error on an API call, but the Headers in my network tab show a 200 OK status code and the correct data returning in the response/preview tabs.

I am using a Javascript library to make an AJAX call from an https:// secured GH pages site.

Notes:

I've searched for the particular ZIP code before, and received the same error
I tried using @amrsh's workaround in #535, by sending .../locate?badParam=badValue as a cache busting call, but to no avail
I have cleared my local and GH page site browser caches and the Cloudflare cache I use in front of my GH pages site
Searching for other ZIP codes that I had not yet searched for allow my JS to work as intended

This would not be a problem if the browser/server allowed me to retrieve the data returned in the response, but because of the CORS error, it blocks the returning data from entering my JS scope.

The following are my request/response headers from my network tab:

General

Request URL:https://congress.api.sunlightfoundation.com/legislators/locate?zip=[ZIP_CODE]
Request Method:GET
Status Code:200 
Remote Address:[MY_REMOTE_ADDRESS]

Response Headers

age:2748
content-encoding:gzip
content-type:application/json; charset=utf-8
date:Wed, 15 Feb 2017 15:53:17 GMT
server:nginx/1.1.19
status:200
status:200 OK
vary:Accept-Encoding,Accept-Encoding
via:1.1 52e0e6fa81aadeace92f9bb6da8543da.cloudfront.net (CloudFront)
x-amz-cf-id:Hjn1-DYzO1fpWS_xo_dWYaUGU_meert-LObMQz_BqEOc31sqrBF4zQ==
x-cache:Hit from cloudfront

Request Headers

:authority:congress.api.sunlightfoundation.com
:method:GET
:path:/legislators/locate?zip=[ZIP_CODE]
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8
cache-control:no-cache
dnt:1
origin:https://[MY_SITE]
pragma:no-cache
referer:https://[MY_SITE]/[SUB_PAGE]/
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36

jnshi commented 7 years ago

I am also having this issue. I've noticed that sometimes I request from my site on an http connection, and the 'Access-Control-Allow-Origin' value refers to the https version of my site, and sometimes vice-versa.

I suspect this is because I've been inconsistent in using http vs https, and the API is inappropriately caching the protocol for the response headers. I've noticed that there will be particular queries where it works only on the http version, and particular queries where it works only on the https version.

lothbrek commented 7 years ago

Also experiencing this - anyone found a way around it?

propublica / sunlight-congress