CORS issue when using Fetch API [duplicate]











up vote
0
down vote

favorite













This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question















marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08















up vote
0
down vote

favorite













This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question















marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08













up vote
0
down vote

favorite









up vote
0
down vote

favorite












This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question
















This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way





This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers







javascript rest api cors fetch




javascript rest api cors fetch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 10 at 15:05

























asked Nov 10 at 15:03









Kenneth Bolme Lund

11




11




marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08














  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08








1




1




You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
– charlietfl
Nov 10 at 15:04






You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
– charlietfl
Nov 10 at 15:04














i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
– Kenneth Bolme Lund
Nov 10 at 15:06




i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
– Kenneth Bolme Lund
Nov 10 at 15:06












Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
– charlietfl
Nov 10 at 15:07






Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
– charlietfl
Nov 10 at 15:07














Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
– front_end_dev
Nov 10 at 15:08






Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
– front_end_dev
Nov 10 at 15:08














Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
– Jay
Nov 10 at 15:08




Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
– Jay
Nov 10 at 15:08












2 Answers
2






active

oldest

votes

















up vote
0
down vote













I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



Example: https://github.com/marhaupe/node-react-bootstrap.



Read more about that here:



https://stackoverflow.com/a/36959539/7471182



http://performantcode.com/web/do-you-really-know-cors






share|improve this answer




























    up vote
    0
    down vote













    An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



    server.php:



    echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


    client.html:



    <script>
    
  $.get("server.php", function(data, status){
    
    // stuff
    
  });
    
</script>





    share|improve this answer




























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      0
      down vote













      I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



      Example: https://github.com/marhaupe/node-react-bootstrap.



      Read more about that here:



      https://stackoverflow.com/a/36959539/7471182



      http://performantcode.com/web/do-you-really-know-cors






      share|improve this answer

























        up vote
        0
        down vote













        I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



        Example: https://github.com/marhaupe/node-react-bootstrap.



        Read more about that here:



        https://stackoverflow.com/a/36959539/7471182



        http://performantcode.com/web/do-you-really-know-cors






        share|improve this answer























          up vote
          0
          down vote










          up vote
          0
          down vote









          I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



          Example: https://github.com/marhaupe/node-react-bootstrap.



          Read more about that here:



          https://stackoverflow.com/a/36959539/7471182



          http://performantcode.com/web/do-you-really-know-cors






          share|improve this answer












          I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



          Example: https://github.com/marhaupe/node-react-bootstrap.



          Read more about that here:



          https://stackoverflow.com/a/36959539/7471182



          http://performantcode.com/web/do-you-really-know-cors







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 at 15:12









          Marcel Haupenthal

          412




          412
























              up vote
              0
              down vote













              An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



              server.php:



              echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


              client.html:



              <script>
              
  $.get("server.php", function(data, status){
              
    // stuff
              
  });
              
</script>





              share|improve this answer

























                up vote
                0
                down vote













                An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                server.php:



                echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                client.html:



                <script>
                
  $.get("server.php", function(data, status){
                
    // stuff
                
  });
                
</script>





                share|improve this answer























                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                  server.php:



                  echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                  client.html:



                  <script>
                  
  $.get("server.php", function(data, status){
                  
    // stuff
                  
  });
                  
</script>





                  share|improve this answer












                  An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                  server.php:



                  echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                  client.html:



                  <script>
                  
  $.get("server.php", function(data, status){
                  
    // stuff
                  
  });
                  
</script>






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 at 15:16









                  Ivo

                  608




                  608















                      -

                      Popular posts from this blog

                      Florida Star v. B. J. F.

                      Image
                      Florida Star v. B. J. F. From Wikipedia, the free encyclopedia Jump to navigation Jump to search United States Supreme Court case Florida Star v. B. J. F. Supreme Court of the United States Argued March 21, 1989 Decided June 21, 1989 Full case name The Florida Star v. B. J. F. Citations 491 U.S. 524 ( more ) 109 S. Ct. 2603; 105 L. Ed. 2d 443; 1989 U.S. LEXIS 3120; 57 U.S.L.W. 4816; 16 Media L. Rep. 1801 Prior history The Florida Star v. B.J.F., 530 So.2d 286 (1988) Supreme Court of Florida; Florida Star v. B.J.F., 499 So.2d 883 (1986) Fla. Dist. Court of Appeals Holding Florida Stat. § 794.03 is unconstitutional to the extent it makes the truthful reporting of information that was a matter of public record unlawful, as it violates the First Amendment. Court membership Chief Justice William Rehnquist Associate Justices William J. Brennan Jr.  · Byron White Thurgood Marshall  · Harry Blac
                      Read more

                      Danny Elfman

                      Image
                      Danny Elfman From Wikipedia, the free encyclopedia Jump to navigation Jump to search Danny Elfman Elfman at the 2010 San Diego Comic-Con Born Daniel Robert Elfman ( 1953-05-29 ) May 29, 1953 (age 65) Los Angeles, California, U.S. Spouse(s) Bridget Fonda ( m.  2003) Children 1 Musical career Genres Rock [1] ska [2] new wave film music video game music Occupation(s) Composer, singer, songwriter, record producer Instruments Trombone guitar percussion vocals keyboards [3] Years active 1972–present Associated acts Oingo Boingo James Newton Howard Daniel Robert Elfman (born May 29, 1953) is an American composer, singer, songwriter, and record producer. Elfman first became known for being the lead singer and songwriter for the band Oingo Boingo from 1974 to 1995. He is well known for scoring films and television shows, particularly his frequent collabora
                      Read more

                      Retrieve a Users Dashboard in Tumblr with R and TumblR. Oauth Issues

                      Image
                      .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I am trying to use the TumblR package in R to set up the Oauth Authentication to Retrieve a user's dashboard using the second example in tumblR documentation However I get the following error, it seems that using twitter others have been able to use a different function to get around this, but I am not finding the same function available for Tumblr. See twitter package for R authentication: error 401 My code consumer_key <- OKey consumer_secret <- SKey appname <- App_name tokenURL <- 'http://www.tumblr.com/oauth/request_token' accessTokenURL <- 'http://www.tumblr.com/oauth/acces_token'
                      Read more