Myrdhin

v3
API v3 and CORS - preflight OPTIONS request (with EmberJS)

9 posts in this topic

Hello,

I try to build a web application using Ember framework and your v3 API. Really good API work 
:) !

But I have some difficulties to get right API responses. Not on the same API domain, a preflighted OPTIONS request is sent. It's OK. But this request is not accepted (401) by your API because there is no 'key' query or no 'Authorization' header defined in this OPTIONS request. This header (or key) is not required for a
preflighted request?..

Thanks for your help,

ps: something else, by default, Ember does not add trailing '/' to the url (use
https://rebrickable.com/api/v3/lego/colors?key=... instead of https://rebrickable.com/api/v3/lego/colors/?key=...) so API replies with 301 redirect, considered like an error by preflighted OPTIONS request. So the CORS request fails.

Share this post


Link to post
Share on other sites

It now allows unauthenticated OPTIONS requests.

Can you get your app to use trailing / in the urls? It's not a trivial change for me to handle both scenarios, all urls on Rebrickable v3 end with /.
 

Share this post


Link to post
Share on other sites

Hello,

Thank you very much for all these corrections. But Chrome (and Firefox) give me an error:

Quote

Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed

 

I think 'Access-Control-Allow-Origin' header should only contain '*'.

Share this post


Link to post
Share on other sites

Ah thanks, that's probably it. I've got something in my nginx config too. I'm not home atm so will update it later.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now