Displaying all 3 messages |
Ihárosi Wiktor
5/1/2022 at 2:55
|
I would like to respect the rate limits for the api calls in my js app. They are presented in the response headers. But unfortunately with JSONP, it is impossible to read these headers.
I tried the api calls with fetch, but then I got error: "Access to fetch at 'https://www.geni.com/api/...' from origin 'https://mydomain.example' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." I set the "Site Domain" to mydomain.example in my app settings, but there is no Allow-Origin header in the request. How could I access to the X-Api-Rate headers in javascript in other ways? Thank you! |
|
Mike Stangel
5/2/2022 at 20:05
|
Hi, are you using the JavaScript SDK at https://www.geni.com/platform/developer/help/sdk_js?version=1 ? Also, I noticed your app is registered with http but your site redirects to https -- I would suggest you update your app on Geni to reflect the https protocol. Lastly, I see you're passing "Sec-Fetch-Mode
no-cors" in the headers, did that resolve the issue for you? (we might still need to revisit how this works, I think we tightened the CORS security since publishing the API documentation) |
|
Ihárosi Wiktor
5/3/2022 at 1:30
|
Hello Mike,
Thank you for quick answer. :) >are you using the JavaScript SDK No, I don't use it. I implemented the app without it. But I checked the sdk and it uses jsonp also, not fetch. I use this simple polyfill to use jsonp with fetch-like syntax. https://github.com/camsong/fetch-jsonp/blob/master/src/fetch-jsonp.js >Also, I noticed your app is registered with http but your site redirects to https That's right, I did not notice this. Thank you, I updated. But this doesn't solve the fetch problem. There are no Access-Control-Allow-Origin header in the api response. >I see you're passing "Sec-Fetch-Mode no-cors" in the headers, did that resolve the issue for you? I think this is a default browser header when using plain javascript script tag to inject the jsonp. I did not set this header in the script, so unfortunately, it did not resolve the issue. >we might still need to revisit how this works Thank you! |