N3evin/AmiiboAPI

Access to XMLHttpRequest at <<amiiboseries url>> from origin <<mysite>> has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Closed this issue · 5 comments

I'm getting this error when trying to access amiiboseries:
Access to XMLHttpRequest at 'https://www.amiiboapi.com/api/amiiboseries' from origin 'https://amiibo-time.web.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

It's happening on my website over here: (the dropdown box at the top doesn't load any elements). It does allow me to access the Smash Ultimate list though.
https://amiibo-time.web.app/

I found the question on Stack Overflow too, and it seems the header needs to be changed in the back-end

I'm getting this error when trying to access amiiboseries:
Access to XMLHttpRequest at 'https://www.amiiboapi.com/api/amiiboseries' from origin 'https://amiibo-time.web.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

It's happening on my website over here: (the dropdown box at the top doesn't load any elements). It does allow me to access the Smash Ultimate list though.
https://amiibo-time.web.app/

I found the question on Stack Overflow too, and it seems the header needs to be changed in the back-end

Thank you for the feedback. I had fixed it, and it should now return the Access-Control-Allow-Origin Do you mind giving it a try and changed it back to be using https?

Edit: It was due to the reverse proxy. I forgot to make sure it's proxy correctly with parameters.

It's still not loading right. It says this when I inspect it. I am definitely using the https link on my page though.
Mixed Content: The page at 'https://amiibo-time.web.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.amiiboapi.com/api/amiiboseries/'. This request has been blocked; the content must be served over HTTPS.

It's still not loading right. It says this when I inspect it. I am definitely using the https link on my page though.
Mixed Content: The page at 'https://amiibo-time.web.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.amiiboapi.com/api/amiiboseries/'. This request has been blocked; the content must be served over HTTPS.

The error was due to the website not using HTTPS on amiiboapi.com. Please use https://www.amiiboapi.com, not http://www.amiiboapi.com

I had just checked https://amiibo-time.web.app/ that it is working now. However, seems like you still calling HTTP. Do change to HTTPS, that should be fixed now.

Shall close this, since there's no response from issuer :) But feel free to reopen the issue.