thundercomb
commented
5 years ago Thanks @tenyo, appreciate the PR. I will look at it more closely over the next few days and get back to you as soon as I can.
Closed tenyo closed 5 years ago
thundercomb
commented
5 years ago Thanks @tenyo, appreciate the PR. I will look at it more closely over the next few days and get back to you as soon as I can.
thundercomb
commented
5 years ago Ruby versions needs updating for Heroku but will merge this commit first
tenyo
commented
5 years ago Thanks @thundercomb for merging and for creating this awesome API! My app is running at http://endlesspoetry.surge.sh - right now it's just pulling random poems from PoetryDB with an endless scroll.
thundercomb
commented
5 years ago Nice work! One can discover many new poems this way :-)
You're welcome, I'm pleased that it is useful.
HoloPollock
commented
4 years ago The Cors Issue seems to be back
thundercomb
commented
4 years ago The Cors Issue seems to be back
Hi @HoloPollock, thanks for reporting. How are you seeing the issue manifest? Are you able to reproduce the error for example with curl?
The site's proxy caching could be influencing it, however a quick check on either side of purging the cache didn't show up anything unusual - although I could be missing something:
$ curl -H "Origin: https://dummyorigin.com" -L --verbose https://poetrydb.org/title
.
.
.
> Host: poetrydb.org
.
.
.
> Accept: */*
> Origin: https://dummyorigin.com
.
.
.
< access-control-allow-origin: *PS: please note that poetrydb recently moved to https by default, so all http will get redirected.
HoloPollock
commented
4 years ago So that is the weird thing it says that it accepts everything but when I go to a website that uses poetry db and I get this
this is visible on the link that tenyo sent above
thundercomb
commented
4 years ago When you say "a website that uses poetry db", do you mean a public website - or one that you have control over?
From what I can see this might be different from the original issue, when CORS was not enabled at all.
At that time the error was No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin [..] is therefore not allowed access'.
In the present case it looks like Cross-origin redirection [https://..] denied by Cross-Origin Resource Sharing policy: Origin [http://127.0.0.1:5500] is not allowed by Access-Control-Allow-Origin. Fetch API cannot load [http://..] due to access control checks.
3 things I can think of to look at:
https directly?curl -H "Origin: http://127.0.0.1:5500" -L --verbose http://poetrydb.org/author/Keats/lines. How is the app making the request, or how would I reproduce it?HoloPollock
commented
4 years ago Update it was the http to redirecting with the CORS header properly changing to https from http fixes the issue
thundercomb
commented
4 years ago Great, I am glad you were able to find a solution.
I'm working on a pure JS app which talks to the PoetryDB API but it's currently being blocked by the browser. This PR enables CORS and addresses https://github.com/thundercomb/poetrydb/issues/4 I tested it locally and it seems to work OK.