Having trouble with Cors Acces when trying to create a new list

The Movie Database 지원

지원 → API 지원

1월 9, 2019일 6:29 오전시에 RuneClaeys
STAFFMOD
님이 게시함

In the example below I perform 2 Post Fetch requests. The function 'mdbSetFav' has no cors issues. But the function 'mdbCreateList' has cors issues. Yet the list gets created so I don't understand why I get an error?

mdbCreateList({context},data){
      fetch(`${BaseURL}list?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')}`,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
        context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },
    mdbSetFav({state},data){
      console.log(JSON.stringify(data))
      fetch(`${BaseURL}account/${state.account.id}/favorite?api_key=${APIKey}&session_id=${sessionStorage.getItem('sessionID')} `,{
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(data)
      })
      .then(function(response) {
        if (response.status === 401) {
          console.log(response)
          router.push('/login')
        }
        return response.text().then(function(text) {
          let json = JSON.parse(text)
          console.log(json)
          return;
      })}) 
      .then(function(){
          //context.dispatch('mdbLists');
      })   
      .catch(function(error){
        console.error(error);
      });
    },

The error:

Access to fetch at 'https://api.themoviedb.org/3/list?api_key=***&session_id=***' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled

and a warning:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://api.themoviedb.org/3/list?api_key=***&session_id=*** with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Can anyone help me out?

12 댓글 (1 / 1)

• Jump to last post

Travis Bell님의 댓글

STAFFMOD

1월 9, 2019 at 3:50 오후

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

RuneClaeys님의 댓글

STAFFMOD

1월 10, 2019 at 4:07 오전

Thanks for the quick response. I've come across an other problem. Is it possible that there's an error with the DELETE a list call in version 3 of the API? It keeps telling me I'm not authorized even with a sessionID I just requested?

Travis Bell님의 댓글

STAFFMOD

2월 8, 2019 at 4:45 오후

I've created a new ticket that you can follow and vote on about the CORS issue here.

With regards to your second question, have completed step #2 in the walkthrough?

kibice님의 댓글

STAFFMOD

6월 27, 2019 at 5:00 오전

@travisbell said:

Hi @RuneClaeys,

Indeed, it seems as though the POST /3/list method does not have the proper CORS headers added. I'll get them added and let you know when it is working.

Thanks.

Hi @travisbell, Could you share roadmap when this fix will be available on production? Thank you in advance.

Travis Bell님의 댓글

STAFFMOD

7월 2, 2019 at 10:34 오전

Hi @kibice, you can follow the ticket above. That way you will be notified of any changes to it.

lawrencemhoni님의 댓글

STAFFMOD

9월 19, 2019 at 8:01 오전

Hello @travisbell I'm facing the same issue. How do I go about it?

Travis Bell님의 댓글

STAFFMOD

9월 20, 2019 at 6:11 오후

Hey @lawrencemhoni, the fix for this actually went live last week, I just hadn't updated the ticket yet. You can see here there is now the correct headers (Access-Control-Allow-Origin) being returned:

Request

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###&session_id=###"
*   Trying 18.213.189.212...
* TCP_NODELAY set
* Connected to api.themoviedb.org (18.213.189.212) port 80 (#0)
> POST /3/list?api_key=###&session_id=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.54.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
>
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 201 Created
< Date: Fri, 20 Sep 2019 22:09:26 GMT
< Content-Type: application/json
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< Cache-Control: public, max-age=0
<
* Connection #0 to host api.themoviedb.org left intact

Response

{
  "status_code": 1,
  "status_message": "The item/record was created successfully.",
  "success": true,
  "list_id": 121881
}

lawrencemhoni님의 댓글

STAFFMOD

9월 21, 2019 at 12:45 오후

Fantastic! Thank you @travisbell

lawrencemhoni님의 댓글

STAFFMOD

9월 21, 2019 at 1:06 오후

@travisbell for a moment it worked... Maybe I did something right... But right now this is what is being returned.

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"This is my test list.\", \"description\": \"Testing.\", \"language\": \"en\"}" "http://api.themoviedb.org/3/list?api_key=###"

*   Trying 54.164.67.128...
* Connected to api.themoviedb.org (54.164.67.128) port 80 (#0)
> POST /3/list?api_key=### HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: application/json
> Content-Type: application/json
> Content-Length: 78
> 
* upload completely sent off: 78 out of 78 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sat, 21 Sep 2019 17:05:17 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569085527
< Cache-Control: public, max-age=0
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

Travis Bell님의 댓글

STAFFMOD

9월 21, 2019 at 2:43 오후

There's no session ID being specified in your request. You need to pass a approved session in as a session_id param.

lawrencemhoni님의 댓글

STAFFMOD

9월 22, 2019 at 5:25 오전

@travisbell

    curl -v  --request GET \
      --url 'https://api.themoviedb.org/3/account?api_key=<API_KEY>&session_id=<SESSION_ID>' \
      --data '{}'

returns

curl -v  --request GET \
>       --url 'https://api.themoviedb.org/3/account?api_key=80518eb41e5b5a43588ca8d22c8616da&session_id=c0759b399e1e918869936a1debdbb736ebec730f' \
>       --data '{}' 
*   Trying 18.213.189.212...
* Connected to api.themoviedb.org (18.213.189.212) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 598 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: *.themoviedb.org (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=*.themoviedb.org
*    start date: Mon, 03 Dec 2018 00:00:00 GMT
*    expire date: Wed, 02 Dec 2020 12:00:00 GMT
*    issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=RapidSSL RSA CA 2018
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET /3/account?api_key=<API_KEY>&session_id=<SESSION_ID> HTTP/1.1
> Host: api.themoviedb.org
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 401 Unauthorized
< Date: Sun, 22 Sep 2019 09:23:50 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 110
< Connection: keep-alive
< Server: openresty
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Access-Control-Expose-Headers: ETag, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After, Content-Length, Content-Range
< X-RateLimit-Limit: 40
< X-RateLimit-Remaining: 39
< X-RateLimit-Reset: 1569144240
< Cache-Control: public, max-age=28800
< 
* Connection #0 to host api.themoviedb.org left intact

{"status_code":3,"status_message":"Authentication failed: You do not have permissions to access the service."}

lawrencemhoni님의 댓글

STAFFMOD

9월 22, 2019 at 5:28 오전

@travisbell
As shown above, I would love to have my accountID so that I may access my watchlist using

curl --request GET \
  --url 'https://api.themoviedb.org/3/account/%7Baccount_id%7D/watchlist/movies?page=1&sort_by=created_at.asc&language=en-US&api_key=%3C%3Capi_key%3E%3E' \
  --data '{}'

If we can get this to work, you will be my hero of the day.

이 토론에 참여한 회원

분류

The Movie Database 지원

지원 → API 지원