CORS issue when using Fetch API [duplicate]











up vote
0
down vote

favorite













This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question















marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08















up vote
0
down vote

favorite













This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question















marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08













up vote
0
down vote

favorite









up vote
0
down vote

favorite












This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way






javascript rest api cors fetch







share|improve this question
















This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers




I'm making this JavaScript project based on Challonge API.



Whenever i attempt to use fetch to either GET or POST any data, i'm being returned the infamous CORS error:




Access to fetch at 'https://api.challonge.com/v1/tournaments.json?api_key=censored' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.




It works flawlessly whenever i use the "Allow-Control-Allow-Origin * " extension, for obvious reasons, however, i can't demand my clients to download this extension to use my app. I've also tried uploading the project to a webserver, with no success.



I've been scouring the web for solutions, but i'm either too incompetent to see the answer right infront of me, or i haven't looked long enough.



Either way, can any one of you guys nudge me in the right direction?



Edit: I've tried to change the request mode to no-cors, same-origin and cors, to no avail.



Edit 2: alot of the 'fixes' i've seen for this revolved around changing the server-side .htaccess to allow my domain, but i'm not working for Challonge API, and i refuse to believe that's the only way





This question already has an answer here:




  • No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

    4 answers



  • How does Access-Control-Allow-Origin header work?

    11 answers







javascript rest api cors fetch




javascript rest api cors fetch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 10 at 15:05

























asked Nov 10 at 15:03









Kenneth Bolme Lund

11




11




marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 10 at 21:39


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08














  • 1




    You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
    – charlietfl
    Nov 10 at 15:04












  • i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
    – Kenneth Bolme Lund
    Nov 10 at 15:06










  • Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
    – charlietfl
    Nov 10 at 15:07












  • Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    – front_end_dev
    Nov 10 at 15:08












  • Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
    – Jay
    Nov 10 at 15:08








1




1




You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
– charlietfl
Nov 10 at 15:04






You will need to set up a proxy either on server you control or using a third party service. The benefit of doing it on your own server is to protect exposing your api key
– charlietfl
Nov 10 at 15:04














i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
– Kenneth Bolme Lund
Nov 10 at 15:06




i am using an extension, and that works just fine. However, do you mean that my only way out of this, even in production, is to proxy it?
– Kenneth Bolme Lund
Nov 10 at 15:06












Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
– charlietfl
Nov 10 at 15:07






Yes. Many API's don't implement CORS so you don't end up exposing your credentials. Note I am assuming you don't control that API
– charlietfl
Nov 10 at 15:07














Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
– front_end_dev
Nov 10 at 15:08






Either proxy or enable CORS on the server from where you are requesting. Read more from developer.mozilla.org/en-US/docs/Web/HTTP/CORS
– front_end_dev
Nov 10 at 15:08














Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
– Jay
Nov 10 at 15:08




Your always able to circumvent the restriction it just might not be easy, either make the request from a domain you can communicate with and then proxy the result or you could patch your browser to now have such a check in the first place
– Jay
Nov 10 at 15:08












2 Answers
2






active

oldest

votes

















up vote
0
down vote













I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



Example: https://github.com/marhaupe/node-react-bootstrap.



Read more about that here:



https://stackoverflow.com/a/36959539/7471182



http://performantcode.com/web/do-you-really-know-cors






share|improve this answer




























    up vote
    0
    down vote













    An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



    server.php:



    echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


    client.html:



    <script>
    
  $.get("server.php", function(data, status){
    
    // stuff
    
  });
    
</script>





    share|improve this answer




























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      0
      down vote













      I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



      Example: https://github.com/marhaupe/node-react-bootstrap.



      Read more about that here:



      https://stackoverflow.com/a/36959539/7471182



      http://performantcode.com/web/do-you-really-know-cors






      share|improve this answer

























        up vote
        0
        down vote













        I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



        Example: https://github.com/marhaupe/node-react-bootstrap.



        Read more about that here:



        https://stackoverflow.com/a/36959539/7471182



        http://performantcode.com/web/do-you-really-know-cors






        share|improve this answer























          up vote
          0
          down vote










          up vote
          0
          down vote









          I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



          Example: https://github.com/marhaupe/node-react-bootstrap.



          Read more about that here:



          https://stackoverflow.com/a/36959539/7471182



          http://performantcode.com/web/do-you-really-know-cors






          share|improve this answer












          I had the same issues as well and after many hours of researching on how CORS actually works, I came to the conclusion that setting up a proxy like charlietfl suggests is the best way to avoid CORS issues while developing locally. The proxy handles every request you do on your client and reroutes them to the original destination. That way you will probably not get any CORS issues.



          Example: https://github.com/marhaupe/node-react-bootstrap.



          Read more about that here:



          https://stackoverflow.com/a/36959539/7471182



          http://performantcode.com/web/do-you-really-know-cors







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 at 15:12









          Marcel Haupenthal

          412




          412
























              up vote
              0
              down vote













              An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



              server.php:



              echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


              client.html:



              <script>
              
  $.get("server.php", function(data, status){
              
    // stuff
              
  });
              
</script>





              share|improve this answer

























                up vote
                0
                down vote













                An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                server.php:



                echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                client.html:



                <script>
                
  $.get("server.php", function(data, status){
                
    // stuff
                
  });
                
</script>





                share|improve this answer























                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                  server.php:



                  echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                  client.html:



                  <script>
                  
  $.get("server.php", function(data, status){
                  
    // stuff
                  
  });
                  
</script>





                  share|improve this answer












                  An easy way to do it would be to request the API using your server and display it on a webpage then have your client request the webpage. Very simple example:



                  server.php:



                  echo file_get_contents('https://api.challonge.com/v1/tournaments.json?api_key=censored');


                  client.html:



                  <script>
                  
  $.get("server.php", function(data, status){
                  
    // stuff
                  
  });
                  
</script>






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 at 15:16









                  Ivo

                  608




                  608















                      -

                      Popular posts from this blog

                      Full-time equivalent

                      Image
                      Full-time equivalent From Wikipedia, the free encyclopedia Jump to navigation Jump to search Full-time equivalent ( FTE ) or whole time equivalent ( WTE ) is a unit that indicates the workload of an employed person (or student) in a way that makes workloads or class loads comparable [1] across various contexts. FTE is often used to measure a worker's or student's involvement in a project, or to track cost reductions in an organization. An FTE of 1.0 is equivalent to a full-time worker or student, while an FTE of 0.5 signals half of a full work or school load. [2] Contents 1 U.S. Federal Government 2 In education 2.1 Example 3 Notes 4 References U.S. Federal Government [ edit ] In the U.S. Federal Government, FTE is defined by the Government Accountability Office (GAO) as the number of total hours worked divided by the maximum number of compensable hours in a full-time schedule as
                      Read more

                      Bicuculline

                      Image
                      Bicuculline From Wikipedia, the free encyclopedia Jump to navigation Jump to search Bicuculline Clinical data ATC code none Identifiers IUPAC name (6 R )-​6-​[(5 S )-​6-​methyl-​5,​6,​7,​8-​tetrahydro​[1,3]dioxolo​[4,5- g ]​isoquinolin-​5-​yl]​furo[3,4- e ]​[1,3]​benzodioxol-​8(6 H )-​one CAS Number 485-49-4   Y PubChem CID 10237 IUPHAR/BPS 2312 ChemSpider 9820   Y UNII Y37615DVKC ChEBI CHEBI:3092   N ChEMBL ChEMBL417990   N ECHA InfoCard 100.006.927 Chemical and physical data Formula C 20 H 17 N O 6 Molar mass 367.352 g/mol 3D model (JSmol) Interactive image Melting point 215 °C (419 °F) SMILES O=C1O[C@H](c3c1c2OCOc2cc3)[C@@H]5c4cc6OCOc6cc4CCN5C InChI InChI=1S/C20H17NO6/c1-21-5-4-10-6-14-15(25-8-24-14)7-12(10)17(21)18-11-2-3-13-19(26-9-23-13)16(11)20(22)27-18/h2-3,6-7,17-18H,4-5,8-9H2,1H3/t17-,18+/m0/s1   Y Key:IYGYMKDQCDOMRE-ZWKOTPCHSA-N
                      Read more

                      さくらももこ

                      Image
                      さくら ももこ 本名 非公開 [1] 生誕 ( 1965-05-08 ) 1965年5月8日 日本・静岡県清水市 (現・静岡市清水区) 死没 ( 2018-08-15 ) 2018年8月15日(53歳没) 日本・東京都目黒区 国籍 日本 職業 漫画家 エッセイスト 作詞家 活動期間 1984年 - 2018年 ジャンル 少女漫画 青年漫画 児童漫画 代表作 『ちびまる子ちゃん』 『コジコジ』 受賞 1989年:第13回講談社漫画賞少女部門 (『ちびまる子ちゃん』) 1990年:第32回日本レコード大賞 (『おどるポンポコリン』作詞) 公式サイト さくらプロダクション テンプレートを表示 さくら ももこ (1965年5月8日 - 2018年8月15日 [2] )は、日本の漫画家、エッセイスト、作詞家、脚本家。また、自身の少女時代をモデルとした代表作のコミック『ちびまる子ちゃん』の主人公の名前でもある。静岡県清水市(現・静岡市清水区)出身。血液型はA型。身長159cm。一男の母親。 代表作のコミック『ちびまる子ちゃん』の単行本の売上は累計3000万部を超える。また、エッセイストとしても独特の視点と語り口で人気が高く、初期エッセイ集三部作『もものかんづめ』『さるのこしかけ』『たいのおかしら』はいずれもミリオンセラーを記録。 目次 1 経歴 2 人物・交遊関係 3 主な作品 3.1 漫画 3.2 エッセイ 3.3 作詞 3.4 詩集 3.5 雑誌・ムック本 3.6 翻訳 3.7 絵本、ドラマ脚本他 3.8 ラジオ出演 3.9 その他 4 関係人物 4.1 アシスタント 4.2 さくらももこを演じた人物 5 脚注 5.1 注釈 5.2 出典 6 外部リンク 経歴 年譜形式の経歴は推奨されていません 。人物の伝記は流れのあるまとまった文章で記述し、年譜は補助的な使用にとどめてください。 ( 2018年8月 ) 清水市立(当時)入江小学校
                      Read more