Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Refused to set unsafe header "origin"
See original GitHub issueI’m trying to use a CORS proxy to access BitMEX. https://crossorigin.me is down (I see the Cloudflare page), so I tried the Node proxy. I’ve verified that http://localhost:4080/https://www.bitmex.com/api/v1/instrument/activeAndIndices returns correct data in the browser.
The problems is that when I try const markets = await bitmex.load_markets(); in the browser, I get this error:
Refused to set unsafe header “origin” (anonymous) @ fetch-browser.js:470 fetch-browser.js:473 GET http://localhost:4080/https://www.bitmex.com/api/v1/instrument/activeAndIndices 403 (Forbidden)
I get the same error with another proxy, https://cors-anywhere.herokuapp.com/:
Issue Analytics
- State:
- Created 6 years ago
- Comments:6 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@kroitor This problem appear again. version v1.14.209. I am sure when using v1.14.180, it have not such a problem. I am always using a proxy. refer to issue #3171
Not really, the point is that in the browser you can’t set the Origin header at all. Bitmex does not support CORS at all. This is the reason for using the CORS proxy in the first place – we need to set some headers, but we can’t do it in the browser (forbidden by the browser security settings), therefore we have to set those headers on the proxy.
With proper HTTPS tunneling via a CORS-proxy, it should work, like it does for most exchanges, however, it doesn’t work for BitMEX for some reason. I will investigate further and will get back to you on this.