Having trouble with Cors Acces when trying to create a new list

Поддръжка на The Movie Database

Поддръжка → API поддръжка

публикувана от RuneClaeys
STAFFMOD
на 9 януари 2019 в 6:29 AM

In the example below I perform 2 Post Fetch requests. The function 'mdbSetFav' has no cors issues. But the function 'mdbCreateList' has cors issues. Yet the list gets created so I don't understand why I get an error?

mdbCreateList({context},data){
      fetch(`${BaseURL}list?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')}`,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
        context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },
    mdbSetFav({state},data){
      console.log(JSON.stringify(data))
      fetch(`${BaseURL}account/${state.account.id}/favorite?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')} `,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
          //context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },

The error:

Access to fetch at 'https://api.themoviedb.org/3/list?api_key=***&session_id=***' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled

and a warning:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://api.themoviedb.org/3/list?api_key=***&session_id=*** with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Can anyone help me out?

12 отговора (на страница 1 от общо 1)

• Jump to last post

Отговор от Travis Bell

STAFFMOD

на 9 януари 2019 в 3:50 PM

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

Отговор от RuneClaeys

STAFFMOD

на 10 януари 2019 в 4:07 AM

Thanks for the quick response. I've come across an other problem. Is it possible that there's an error with the DELETE a list call in version 3 of the API? It keeps telling me I'm not authorized even with a sessionID I just requested?

Отговор от Travis Bell

STAFFMOD

на 8 февруари 2019 в 4:45 PM

I've created a new ticket that you can follow and vote on about the CORS issue here.

With regards to your second question, have completed step #2 in the walkthrough?

Отговор от kibice

STAFFMOD

на 27 юни 2019 в 5:00 AM

@travisbell said:

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

Hi @travisbell, Could you share roadmap when this fix will be available on production? Thank you in advance.

Отговор от Travis Bell

STAFFMOD

на 2 юли 2019 в 10:34 AM

Hi @kibice, you can follow the ticket above. That way you will be notified of any changes to it.

Отговор от lawrencemhoni

STAFFMOD

на 19 септември 2019 в 8:01 AM

Hello @travisbell I'm facing the same issue. How do I go about it?

Отговор от Travis Bell

STAFFMOD

на 20 септември 2019 в 6:11 PM

Hey @lawrencemhoni, the fix for this actually went live last week, I just hadn't updated the ticket yet. You can see here there is now the correct headers (Access-Control-Allow-Origin) being returned:

Request

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###&session_id=###"
*   Trying 18.213.189.212...
* TCP_NODELAY set
* Connected to api.themoviedb.org (18.213.189.212) port 80 (#0)
> POST /3/list?api_key=###&session_id=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.54.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
>
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 201 Created
< Date: Fri, 20 Sep 2019 22:09:26 GMT
< Content-Type: application/json
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< Cache-Control: public, max-age=0
<
* Connection #0 to host api.themoviedb.org left intact

Response

{
  "status_code": 1,
  "status_message": "The item/record was created successfully.",
  "success": true,
  "list_id": 121881
}

Отговор от lawrencemhoni

STAFFMOD

на 21 септември 2019 в 12:45 PM

Fantastic! Thank you @travisbell

Отговор от lawrencemhoni

STAFFMOD

на 21 септември 2019 в 1:06 PM

@travisbell for a moment it worked... Maybe I did something right... But right now this is what is being returned.

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###"

*   Trying 54.164.67.128...
* Connected to api.themoviedb.org (54.164.67.128) port 80 (#0)
> POST /3/list?api_key=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
> 
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sat, 21 Sep 2019 17:05:17 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569085527
< Cache-Control: public, max-age=0
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

Отговор от Travis Bell

STAFFMOD

на 21 септември 2019 в 2:43 PM

There's no session ID being specified in your request. You need to pass a approved session in as a session_id param.

Отговор от lawrencemhoni

STAFFMOD

на 22 септември 2019 в 5:25 AM

@travisbell

    curl -v  --request GET \
      --url 'https://api.themoviedb.org/3/account?api_key=<API_KEY>&session_id=<SESSION_ID>' \
      --data '{}'

returns

curl -v  --request GET \
>       --url 'https://api.themoviedb.org/3/account?api_key=80518eb41e5b5a43588ca8d22c8616da&session_id=c0759b399e1e918869936a1debdbb736ebec730f' \
>       --data '{}' 
*   Trying 18.213.189.212...
* Connected to api.themoviedb.org (18.213.189.212) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 598 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: *.themoviedb.org (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=*.themoviedb.org
*    start date: Mon, 03 Dec 2018 00:00:00 GMT
*    expire date: Wed, 02 Dec 2020 12:00:00 GMT
*    issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=RapidSSL RSA CA 2018
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET /3/account?api_key=<API_KEY>&session_id=<SESSION_ID> HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sun, 22 Sep 2019 09:23:50 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569144240
< Cache-Control: public, max-age=28800
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

Отговор от lawrencemhoni

STAFFMOD

на 22 септември 2019 в 5:28 AM

@travisbell
As shown above, I would love to have my accountID so that I may access my watchlist using

curl --request GET \
  --url 'https://api.themoviedb.org/3/account/%7Baccount_id%7D/watchlist/movies?page=1&sort_by=created_at.asc&language=en-US&api_key=%3C%3Capi_key%3E%3E' \
  --data '{}'

If we can get this to work, you will be my hero of the day.

Участници в дискусията

Категории

Поддръжка на The Movie Database

Поддръжка → API поддръжка