I am integrating yammer features in our app (web-front-end stack and using Yammer JS SDK). So, I want get all the groups of a login-ed user.
Inorder to get all the groups, I have tried to call the end points in two ways, /groups.json=mine using SDK - resposne showing method not authorised and www.yammer.com/api/v1/groups.json=mine=1 using normal ajax GET request- throwing access control origin issue.
API is perfectly working, while tested using google chrome browser - by disabling web security.
My question is how I can call www.yammer.com/api/v1/API_END_POINTS without cross origin issue using yammer JS SDK or any other technique?
I found an related answer in this Q & A , but still showing error for me.
Error :
XMLHttpRequest cannot load
https://www.yammer.com/api/v1/groups.json?mine=1. Response to
preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://xxx.dev.com' is therefore not allowed
access.
Code I have tried after login code :
1# GET Request - return $http.get('https://www.yammer.com/api/v1/groups.json?mine=1')
2# yammer JS SDK -
yam.platform.request({
url: "groups.json?mine=1",
method: "GET",
success: function (group) {
console.log(group);
},
error: function (group) {
console.error("There was an error with the request.", group);
}
});
I have already commented different Q&As for the opinion, but no luck, no one replied.
PS - My all other yammer APIs are working(login, post, message etc), which listed in Yammer REST API Docs, only I am facing problem with APIs hosted in wwww.yammer.com/api/v1, Not api.yammer.com
Thanks in advance
You should register an App in Yammer dev console, specify allowed origins, get an API key and send it along with request.
See https://developer.yammer.com/docs/api-requests for more info.
Related
Okay so im trying to get access token im following the main guide provided by facebook app developers which is: https://developers.facebook.com/docs/instagram-basic-display-api/getting-started. Im at step: 5, where i try to exchange my code for access_token. I do post request to https://api.instagram.com/oauth/access_token however i get cors blocked with this error:
Access to XMLHttpRequest at
'https://api.instagram.com/oauth/access_token' from origin
'https://localhost' has been blocked by CORS policy: Request header
field content-type is not allowed by Access-Control-Allow-Headers in
preflight response.
I literlly tried everything. Adding headers to axios, using ngrok to get an actual secure https: and not self made cert (for dev mode ofc). I also changed the app ouath urls. What could the problem be?
Yeap i allowed urls i did everything. I tried https://cors-anywhere.herokuapp.com/https://api.instagram.com/oauth/access_token it didn't work, it says bad request. However i managed to solve it with an extra library called axios-oauth-client: https://www.npmjs.com/package/axios-oauth-client. After implementing this library and instead of doing axios.post(url, data) but using this library and passing the data in there everything works fine and i get the access token. Something with the headers might have been the problem
Since last couple of hours when I try to connect api.ai using javascript I get the following error .
"Failed to load https://api.api.ai/v1/query?v=20150910: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I try to send request to Api.AI using javascript by following way:-
const client = new ApiAi.ApiAiClient({
accessToken: "*******************"
});
const promise = client.textRequest(query);
promise
.then(handleResponse)
.catch(handleError);
function handleResponse(serverResponse) {}
You can use browser Extension for this problem.
In chrome
If you use PostMan or other service except browser you don't see this error or you can use nginx proxy to get result.
I too have started facing this issue from few hours, it looks like people at DialogFlow have changed the CORS restrictions.
Right now, only solution is to use a middle proxy server / cloud function which will call the api.ai url on behalf of browser and send the result back to browser.
Found the issue and answer here.
I guess you are calling the API from the browser. It is not a great option here as anyone can see your access code.
You can try the following solutions:
Call the API from the back-end - not front-end.
Use fetch API and disable CORS.
I am currently in the process of creating a browser extension for a university project. However as I was writing down the extension I hit a really weird problem. To understand fully my situation I will need to describe it in debt from where my issue comes.
The extension that I am currently working on has to have a feature that checks if the browser can connect to the internet or not. That is why I decided to create a very simple AJAX request function and depending on the result returned by this function to determine if the user has internet connection or not.
That is why I created this very simple AJAX function that you can see bellow this line.
$.ajax({
url: "https://enable-cors.org/index.html",
crossDomain: true,
}).done(function() {
console.log("The link is active");
}).fail(function() {
console.log("Please try again later.");
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
So far, as long as I understand what it is doing, it is working fine. For example, if you run the function as it is, it will succsesfully connect to the url and process with the ".done(function..." if you change the url to "index273.index" a file which does not exist it will process with the ".fail(function...". I was happy with the result until I decided to test it further more and unpluged my cable out of my computer. Then when I launched the extension it returned the last result from when the browser had connection with the internet. My explanation why the function is doing this is because it is caching the url result and if it cannot connect it gives the last cached value. My next step to try and solve this was to add "cache: false" after the "crossDomain: true" property but after that when I launch the extension it gives the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://enable-cors.org/index?_=1538599523573. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
If someone can help me out sorting this problem I would be extremely grateful. I would want to apologise in advance for my English but this is not my native language.
PS: I am trying to implement this function in the popup menu, not into the "content_scripts" category. I am currently testing this under Firefox v62.0.3 (the latest available version when I write this post).
Best regards,
George
Maybe instead of calling the URL to check if the internet connection is available you could try using Navigator object: https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
unless the remote server allowed origin (allowed cors) then you can't access it because it's a security issue.
But there are other things you can do:
You can load image and fire event when an image is loaded
You can access remote JSON via JSONP response
but you can't access other pages because (unless that server allows it) it's a security issue.
I have multiple websites that have RSS XML feed, and I want to use it for my Web App. I tried using Axios function (showed below).
axios.get('https://www.15min.lt/rss/sportas')
.then((response) => {
loading = false;
this.dataReceived = response;
console.log(response);
})
.catch((error) => {
loading = false;
this.errorReceived = error;
console.log({ error });
});
But all I got back is
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I tried to upload all project to the server because I found out that this error can be caused because of using it locally on the personal machine. But the result I got is the same, except instead of 'null' in error, I got my domain name.
I tried other Web App based on Vue.js to test or it's my side problem or website is just blocking any connection to RSS feed. But http://qreader.qcode.in web app worked with my links, and I'm sure it's possible to make it work. But I don't have an answer how to make it work.
In my project, I'm using Vue.js, Axios, and jQuery.
I found the easiest way myself. There is a website - https://cors.now.sh which helps to make these requests.
Just use it like in the example below:
XML Retrieve URL - https://cors.now.sh/https://example.com/rss-xml-link
TL/DR:
MSDN azure articles refer to going to the "Configure" section of the https://manage.windowsazure.com/ mobile services settings to add other URLS to CORS. It seems it isn't there anymore - any idea where it's gone?
The longer story for background:
Trying to follow this article:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/
and this linked one:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
I have followed the article and created an azure mobile service with a sql server database (and 1 simple table in it.)
I then try to connect to it on my web server (localhost:8000/) with the js code:
var MobileServiceClient = WindowsAzure.MobileServiceClient;
var client = new MobileServiceClient('https://myappnamehere.azure-mobile.net/', 'mykeyhere');
I then make a call to query some data:
var table = client.getTable('mytablename');
var query = table.where({
complete: false
}).read().done(function (results) {
console.log(results);
}, function (err) {
console.log(err);
});
And the where call runs the error callback with the message:
"XMLHttpRequest cannot load
https://myappnamehere.azure-mobile.net/tables/tablename?$filter=(complete%20eq%20false).
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'localhost:8000' is therefore not allowed
access."
I'm guessing this is because although localhost is meant to be allowed in the server side CORS settings localhost:8000 isn't.
Trouble is, both articles above refer to going to the "Configure" section of the https://manage.windowsazure.com/ mobile services settings to add other URLS to CORS. It seems it isn't there anymore - any idea where it's gone?
All the other articles I look for talk about setting it in your config file etc. but the point is I don't want to push code to the server-side. That 1st article definitely implies that I can just create the service and the sql server table and then talk to it from javascript client-side (presumably automagically through the use of OData.) That is possible right or is that part of the article completely wrong too?!
If you're using the JavaScript (node.js) backend, then you'll see the list of cross-origin resource sharing (cors) domains. On the .NET backend, the support isn't baked in yet, but you should be able to add it by following the instructions to enable CORS for Web API (after all, the .NET backend is built on top of that platform).
Since you're accessing your service at localhost, I'm assuming that you're using the .NET backend, which is why you won't see the list of CORS domains in the portal. The integrated support should be coming in soon, but before that you can add the support manually as described in the document linked above.