Set Access-Control-Allow-Origin header for JSON API

Question

Set Access-Control-Allow-Origin header for JSON API

ndeuma opened this issue 5 years ago · 3 comments

Without this header, the API is not usable by web applications because of the same origin policy

error message in Chrome, for example:
Access to XMLHttpRequest at 'https://covid19-germany.appspot.com/timeseries/DE-BW/cases' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

See also: https://www.w3.org/wiki/CORS_Enabled#Why_is_CORS_important.3F

Answer 1 · 2020-04-02T00:04:05.000Z

Hey @ndeuma!

Edited (my previous response was probably very wrong -- reading https://stackoverflow.com/a/10636765 suggests that the way I remembered this mechanism to work wasn't right at all).

Will look into adding the header asap. Thanks!

Answer 2 · 2020-04-02T02:44:58.000Z

done with #80

Answer 3 · 2020-04-02T02:51:14.000Z

new version is deployed. Example:

$ curl -v https://covid19-germany.appspot.com/now 2>&1| grep origin
< access-control-allow-origin: *