Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

No Access-Control-Allow-Origin on resource when requesting via AJAX

See original GitHub issue

Photon worked fine until recently. But now we’re getting this error in Chrome:

Access to XMLHttpRequest at ‘https://photon.komoot.de/api/?q=erlangen’ from <domain> has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

The strange thing is: the header is present if we use Postman, but accessing photon via the axios library fails now.

Issue Analytics

State:
Created 3 years ago
Comments:15 (4 by maintainers)

Top GitHub Comments

1reaction

lonviacommented, Nov 9, 2020

@JorgenG You need CORS headers along the whole redirection chain. At least that was the only way I could make it work. You can simply test this with the photon webiste from this repo. Check out the repo, copy website/config.js.example to website/photon/config.js. Edit website/photon/config.js and change the API_URL to 'https://photon.komoot.de/api/?'. Then open website/photon/index.html in your browser. Type something in the search box and you’ll see that the request already fails on the OPTIONS call to photon.komoot.de.

0reactions

JorgenGcommented, Nov 9, 2020

@lonvia Ah, thanks a lot for the elaboration. Apologies for having misunderstood this and potentially broken it for web ui clients. I made the wrong assumption that web client redirects would only care about CORS for the “end” destination, i.e. the redirected target. I’ll redirect the traffic back to the server as before and continue investigating a proper solution.