Having trouble with Cors Acces when trying to create a new list

The Movie Database Support

Support → API Support

posted by RuneClaeys
STAFFMOD
on January 9, 2019 at 6:29 AM

In the example below I perform 2 Post Fetch requests. The function 'mdbSetFav' has no cors issues. But the function 'mdbCreateList' has cors issues. Yet the list gets created so I don't understand why I get an error?

mdbCreateList({context},data){
      fetch(`${BaseURL}list?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')}`,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
        context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },
    mdbSetFav({state},data){
      console.log(JSON.stringify(data))
      fetch(`${BaseURL}account/${state.account.id}/favorite?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')} `,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
          //context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },

The error:

Access to fetch at 'https://api.themoviedb.org/3/list?api_key=***&session_id=***' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled

and a warning:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://api.themoviedb.org/3/list?api_key=***&session_id=*** with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Can anyone help me out?

12 replies (on page 1 of 1)

• Jump to last post

Reply by Travis Bell

STAFFMOD

on January 9, 2019 at 3:50 PM

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

Reply by RuneClaeys

STAFFMOD

on January 10, 2019 at 4:07 AM

Thanks for the quick response. I've come across an other problem. Is it possible that there's an error with the DELETE a list call in version 3 of the API? It keeps telling me I'm not authorized even with a sessionID I just requested?

Reply by Travis Bell

STAFFMOD

on February 8, 2019 at 4:45 PM

I've created a new ticket that you can follow and vote on about the CORS issue here.

With regards to your second question, have completed step #2 in the walkthrough?

Reply by kibice

STAFFMOD

on June 27, 2019 at 5:00 AM

@travisbell said:

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

Hi @travisbell, Could you share roadmap when this fix will be available on production? Thank you in advance.

Reply by Travis Bell

STAFFMOD

on July 2, 2019 at 10:34 AM

Hi @kibice, you can follow the ticket above. That way you will be notified of any changes to it.

Reply by lawrencemhoni

STAFFMOD

on September 19, 2019 at 8:01 AM

Hello @travisbell I'm facing the same issue. How do I go about it?

Reply by Travis Bell

STAFFMOD

on September 20, 2019 at 6:11 PM

Hey @lawrencemhoni, the fix for this actually went live last week, I just hadn't updated the ticket yet. You can see here there is now the correct headers (Access-Control-Allow-Origin) being returned:

Request

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###&session_id=###"
*   Trying 18.213.189.212...
* TCP_NODELAY set
* Connected to api.themoviedb.org (18.213.189.212) port 80 (#0)
> POST /3/list?api_key=###&session_id=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.54.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
>
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 201 Created
< Date: Fri, 20 Sep 2019 22:09:26 GMT
< Content-Type: application/json
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< Cache-Control: public, max-age=0
<
* Connection #0 to host api.themoviedb.org left intact

Response

{
  "status_code": 1,
  "status_message": "The item/record was created successfully.",
  "success": true,
  "list_id": 121881
}

Reply by lawrencemhoni

STAFFMOD

on September 21, 2019 at 12:45 PM

Fantastic! Thank you @travisbell

Reply by lawrencemhoni

STAFFMOD

on September 21, 2019 at 1:06 PM

@travisbell for a moment it worked... Maybe I did something right... But right now this is what is being returned.

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###"

*   Trying 54.164.67.128...
* Connected to api.themoviedb.org (54.164.67.128) port 80 (#0)
> POST /3/list?api_key=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
> 
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sat, 21 Sep 2019 17:05:17 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569085527
< Cache-Control: public, max-age=0
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

Reply by Travis Bell

STAFFMOD

on September 21, 2019 at 2:43 PM

There's no session ID being specified in your request. You need to pass a approved session in as a session_id param.

Reply by lawrencemhoni

STAFFMOD

on September 22, 2019 at 5:25 AM

@travisbell

    curl -v  --request GET \
      --url 'https://api.themoviedb.org/3/account?api_key=<API_KEY>&session_id=<SESSION_ID>' \
      --data '{}'

returns

curl -v  --request GET \
>       --url 'https://api.themoviedb.org/3/account?api_key=80518eb41e5b5a43588ca8d22c8616da&session_id=c0759b399e1e918869936a1debdbb736ebec730f' \
>       --data '{}' 
*   Trying 18.213.189.212...
* Connected to api.themoviedb.org (18.213.189.212) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 598 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: *.themoviedb.org (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=*.themoviedb.org
*    start date: Mon, 03 Dec 2018 00:00:00 GMT
*    expire date: Wed, 02 Dec 2020 12:00:00 GMT
*    issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=RapidSSL RSA CA 2018
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET /3/account?api_key=<API_KEY>&session_id=<SESSION_ID> HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sun, 22 Sep 2019 09:23:50 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569144240
< Cache-Control: public, max-age=28800
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

Reply by lawrencemhoni

STAFFMOD

on September 22, 2019 at 5:28 AM

@travisbell
As shown above, I would love to have my accountID so that I may access my watchlist using

curl --request GET \
  --url 'https://api.themoviedb.org/3/account/%7Baccount_id%7D/watchlist/movies?page=1&sort_by=created_at.asc&language=en-US&api_key=%3C%3Capi_key%3E%3E' \
  --data '{}'

If we can get this to work, you will be my hero of the day.

Users In This Discussion

Categories

The Movie Database Support

Support → API Support