Request header field authorization is not allowed by Access-Control-Allow-Headers AND Accept-Encoding error

Question

Request header field authorization is not allowed by Access-Control-Allow-Headers AND Accept-Encoding error

muhammed671 opened this issue 3 years ago · 11 comments

Hi,

im triyng to connect to the AOI but I get alwasy this issue:

Access to XMLHttpRequest at 'https://api.sandbox.ebay.com/identity/v1/oauth2/token' from origin 'http://localhost:8100' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Here is my code:

const eBayApi = require('@hendt/ebay-api')

const eBay = new eBayApi({
  appId: 'xxxxxxxxx',
  certId: 'xxxxxxxxx',
  devId: 'xxxxxxxx',
  sandbox: true,
  siteId: eBayApi.SiteId.EBAY_DE,
  marketplaceId:  eBayApi.MarketplaceId.EBAY_DE,
  acceptLanguage: eBayApi.Locale.en_DE, 
  contentLanguage: eBayApi.ContentLanguage.en_DE, 
});

const item = await eBay.buy.browse.getItem('v1|254188828753|0');
console.log(JSON.stringify(item, null, 2));

How I can solve this problem?

Answer 1 · 2021-11-09T09:28:42.000Z

You have to use a proxy since you are using it from the browser. Take a look in browser examples and here https://hendt.github.io/ebay-api/

Answer 2 · 2021-11-09T15:00:56.000Z

Thanks for the feedback

It's solved. I put this config (only for testing):

eBay.req.instance.interceptors.request.use((request) => {
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});

But now I have Accept-Encoding error:

This is my header:

  private httpOptions = {
    headers: new HttpHeaders({ 
      'Authorization': 'Basic ' + btoa(appId + ':' + certId),
      'Accept': 'application/json',
      'Content-Type': 'application/x-www-form-urlencoded',
      'Accept-Encoding': 'gzip',
      'Content-Encoding': 'gzip'
    })
  };

How I can solve this problem?

Answer 3 · 2021-11-09T15:26:29.000Z

Why do set the headers? It's not required. Just take a look in the source code of the page I posted.

Answer 4 · 2021-11-09T18:27:21.000Z

That's my full configuration. But same issiue with "Accept-Encoding"

import  eBayApi  from '@hendt/ebay-api';

const eBay = new eBayApi({
  appId: appId,
  certId: certId,
  sandbox: false,
});

eBay.req.instance.interceptors.request.use((request) => {
  // Add Proxy
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});

eBay.commerce.taxonomy.getCategoryTree('77').then(data=>console.log(data))

Answer 5 · 2021-11-10T09:28:26.000Z

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@hendt/ebay-api@latest/lib/ebay-api.min.js"></script>
</head>
<body>
<script>
  
const eBay = new eBayApi({
  appId: '-',
  certId: '-'',
  sandbox: false,
});
  
eBay.req.instance.interceptors.request.use((request) => {
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});
  
  eBay.commerce.taxonomy.getCategoryTree('77').then(data=>console.log(data))
  </script>
</body>
</html>

Tested with Chrome and FF. Both works for me.

Answer 6 · 2021-11-11T14:21:00.000Z

I'm able to reproduce the error now. I'm on it.

Answer 7 · 2021-11-11T16:17:57.000Z

@muhammed671 v5.0.3 should fix this issue.

Answer 8 · 2021-11-11T16:52:28.000Z

Thanks for fixing. In my local test envairment it looks good. Next step, needs to check it in production on the server with my own proxy.

I will let you know about the result.

Answer 9 · 2021-11-11T18:37:25.000Z

It works also on production with own proxy.

Used Proxy Server:
https://github.com/Rob--W/cors-anywhere

@dantio Thanks for support and fixing the issue

Answer 10 · 2021-11-11T18:43:33.000Z

Nice! Thank you, I'll add cors-anywhere to docs also.

Answer 11 · 2021-11-11T18:47:11.000Z

Nice! Thank you, I'll add cors-anywhere to docs also.

Only for your Docs. The Proxy from Rob--W/cors-anywhere works very well with heroku.com