Getting 403 - CORS error, when using library outside of localhost.

[IgorDmitriev]

I was playing around with clubhouse api and this library to make simple app for exporting clubhouse data to CSV. It works fine when I was testing on localhost, but when I pushed to gh-pages, all fetch requests are returning with 403 error. https://igordmitriev.github.io/clubhouse-export/

Is there anything I can do about it?

I was trying to fork library and add { mode: 'no-cors' } to fetch. It did not help much.

Fetch API cannot load https://api.clubhouse.io/api/beta/members?token=_hidden_. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://igordmitriev.github.io' is therefore not allowed access. The response had HTTP status code 403. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[nehilor]

It worked for me! ♥

[bernatfortet]

@nehilor could you say what you did to make it work?

[bernatfortet]

@maryjenel any chance you could help on this one?

[maryjenel]

Hi @bernatfortet We recently released a fix a few days.

The api will now echo back whatever Origin header (if any) was sent by the browser, when using token authentication. For other requests (authenticated with a session cookie or non-authenticated), it will echo back the Origin header only if it matches one of the patterns in our whitelist.

Please let me know if you are still getting this error! Thanks 😊

[willabdon]

i'm trying to make a plugin that create a story, but can't bypass cors, any tips ?

[willabdon]

it works great when i fire the request on postman.

[nehilor]

The only way I could suggest is opening chrome unsafe, please research how to open chrome to allow cors, it works for localhost request but is not safe for normal navigation, regards.

https://www.google.com/search?q=open+chrome+for+cors&oq=open+chrome+for+cors&aqs=chrome..69i57.4407j0j4&client=ms-android-huawei-rev1&sourceid=chrome-mobile&ie=UTF-8

El sáb., 29 ago. 2020 9:12 a. m., Willian Abdon notifications@github.com escribió:

[image: image] https://user-images.githubusercontent.com/28833719/91639951-ae111780-e9f0-11ea-8921-7109ec5dff9e.png [image: image] https://user-images.githubusercontent.com/28833719/91639965-c2551480-e9f0-11ea-8b0f-a6a880dc6184.png i'm trying to make a plugin that create a story, but can't bypass cors, any tips ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/clubhouse/clubhouse-lib/issues/14#issuecomment-683303221, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB75RDVG5JIUY3XNXFLETVDSDELE5ANCNFSM4DR4DFHA .

[willabdon]

all right, thank you @nehilor

[charpeni]

Closing this, let me know if it should stay open or feel free to create a new issue.