CORS error on login
lorenzleutgeb opened this issue · 3 comments
Loading app.jqbx.fm hangs showing "Logging in...". The console shows:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.spotify.com/v1/me. (Reason: CORS request did not succeed).
I am using Firefox 71 on Fedora Linux.
It seems that you replied via e-mail directly and therefore did not notice that I already specified which browser I am using in the initial comment. I added this information by editing the initial comment, which does not trigger GitHub to send another e-mail.
I do not think that any (user-friendly, GUI) security settings in Firefox will change it's behaviour regarding CORS. The only ways to do this that I know of are extensions like "CORS Everywhere" ("CorsE") and messing around in about:config
(see also this question on StackOverflow). Neither of the two options will be accepted by a large number of users, so even though they work around the issue, you will end up with many potential users getting frustrated with your product.
I am wondering whether you could/should do the requests to api.spotify.com on your server instead of the browser. You would not have any problems with CORS this way.
So I just checked and the app is working for me on FF 71 on my Mac. Can you try w/ google chrome or some other browser to confirm whether or not it's a browser specific thing?
Re: using a proxy to call the api calls via the server. Yes that would work as well and perhaps should have started off that way but it's been a long time. Plus a lot of the Spotify resources are for client side implementations / libraries. So what I'm saying is that there shouldn't be an issue w/ CORS for anyone since the Spotify API seems to be agnostic about where it gets called.