Jump to content

You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Need to find something? Use the Google search below.
PLEASE READ - Webmaster Support Forum
This forum will be retired in the near future. Please direct all queries to our dedicated GitHub support page https://github.com/vatsimnetwork/developer-info/discussions 
Here you can find documentation on our services and we are continuing to migrate pertinent information into the Wiki pages https://github.com/vatsimnetwork/developer-info/wiki

CORS Issue


Wenlue Zhang
 Share

Recommended Posts

Wenlue Zhang
Posted
Posted

Hi,

Just wondering if it is an intended behaviour for the API disallowing cross-origin requests? It seems to miss "Access-Control-Allow-Origin" and all other related headers in the response.

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to comment
Share on other sites

Nestor Perez
Posted
Posted

Why would you make a request to an API requiring a token from a browser? You'd be leaking your token.

Me.

Link to comment
Share on other sites

Wenlue Zhang
Posted
Posted
3 hours ago, Nestor Perez said:

Why would you make a request to an API requiring a token from a browser? You'd be leaking your token.

For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended?

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to comment
Share on other sites

  • 2 weeks later...
Ryan Bentley
Posted
Posted
On 11/4/2020 at 12:26 PM, Wenlue Zhang said:

For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended?

Yes, certain endpoints are public and do not require token authentication.

Ryan Bentley
VATSIM Senior Developer
## [email protected]
Facebook Twitter Instagram
VATSIM Logo
Link to comment
Share on other sites

Wenlue Zhang
Posted
Posted
On 11/15/2020 at 12:03 AM, Ryan Bentley said:

Yes, certain endpoints are public and do not require token authentication.

But now we can't just call public endpoints from a browser because of CORS issue. Instead, we have to write backend code acting as a "proxy" to expose the data to the front end. Just for confirmation, is it also a expected behaviour?

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to comment
Share on other sites

Nestor Perez
Posted
Posted

It is for now indeed. None of that data gets updated gets updated too often, so we'd appreciate if you'd do some caching server-side 😛

  • Thanks 1

Me.

Link to comment
Share on other sites

 Share