set Access-Control-Allow-Origin to '*' for data only endpoints #3182
Labels
Tweak
Minor tweak
Comments
|
This seemed to work awhile ago, did our move to cloudflare break you? |
|
It might have. The 3rd party service I was using returns a 401 unauthorized now for the endpoint. |
|
I can't say if it was the move to cloudflare but I just tried to use the API and it's broken on my end as well: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your tweak request related to a problem? Please describe.
as I'm working on an external-to-neos tool, ( neos.alext.duckdns.org/priority ), using the Neos API directly is not presently possible. i was relying on a 3rd party tool to make a request, then send it back, however this service has recently stopped working for this purpose.
Describe what would you like tweaked
add the Access-Control-Allow-Origin header to (at the least!) data based endpoints (e.g. api/stats/priorityIssues ), to allow external websites to retrieve data from the neos API's data only (non-authorized) endpoints.
Describe alternatives you've considered
..build a mirror service on neos.alext.duckdns.org that simply mirrors the required endpoints.
Additional context
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin ;
i originally mentioned this to prime during a recent office hours, and was requested to make a ticket.
The text was updated successfully, but these errors were encountered: