I'm trying to access the Deezer API from localhost, but I'm keep getting the following error:
Fetch API cannot load ;q=eminem.
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost' is therefore not allowed access.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
localhost's response's headers does have Access-Control-Allow-Origin header (Access-Control-Allow-Origin:*).
I'm using fetch like:
fetch(';q=eminem').
What am I doing wrong?
I'm trying to access the Deezer API from localhost, but I'm keep getting the following error:
Fetch API cannot load http://api.deezer./search/track/autoplete?limit=1&q=eminem.
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost' is therefore not allowed access.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
localhost's response's headers does have Access-Control-Allow-Origin header (Access-Control-Allow-Origin:*).
I'm using fetch like:
fetch('http://api.deezer./search/track/autoplete?limit=1&q=eminem').
What am I doing wrong?
Share Improve this question edited Aug 3, 2017 at 12:50 Tamás asked Aug 3, 2017 at 12:08 TamásTamás 1,1122 gold badges12 silver badges30 bronze badges 4- Check out this: stackoverflow./a/20035319/4304132 – Andreas Commented Aug 3, 2017 at 12:15
- With html5rocks-cors.s3-website-us-east-1.amazonaws./index.html, it loads the request but with api.deezer./search/track/autoplete?limit=1&q=eminem, it errors the same way. – Tamás Commented Aug 3, 2017 at 12:48
-
is the api responding to that request with an
access-control-allow-origin: *? or anaccess-control-allow-origin:<your origin>in this cast localhost? – Schrodinger's cat Commented Aug 3, 2017 at 13:00 - By using no cors definitin will help for some apis that's not required by header – HipsterSantos Commented Aug 18, 2021 at 15:52
3 Answers
Reset to default 15You can make the request through a public CORS proxy; to do that try changing your code to:
fetch('https://cors-anywhere.herokuapp./http://api.deezer./search/track/autoplete?limit=1&q=eminem')
That sends the request through https://cors-anywhere.herokuapp., which forwards the request to http://api.deezer./search/track/autoplete?limit=1&q=eminem and then receives the response. The https://cors-anywhere.herokuapp. backend adds the Access-Control-Allow-Origin header to the response and passes that back to your requesting frontend code.
The browser will then allow your frontend code to access the response, because that response with the Access-Control-Allow-Origin response header is what the browser sees.
You can also set up your own CORS proxy using https://github./Rob--W/cors-anywhere/
For details about what browsers do when you send cross-origin requests from frontend JS code using XHR or the Fetch API or AJAX methods from JavaScript libraries—and details about what response headers must be received in order for browsers to allow frontend code to access the responses—see https://developer.mozilla/en-US/docs/Web/HTTP/Access_control_CORS.
For now, it is impossible to make this request. You can proxy request to API from your own backend or use jsonp. Here is a library with fetch-like syntax https://github./camsong/fetch-jsonp. Usage example https://jsfiddle/4dmfo0dd/1/
fetchJsonp('https://api.deezer./search/track/autoplete?limit=1&q=eminem&output=jsonp')
.then(function(response) {
return response.json();
})
.then(json => console.log(json))
.catch(function(error) { console.log(error); });
CORS or Cross Origin requests made to servers
http://api.deezer./search/track/autoplete?limit=1&q=eminem
in this case, have a preflight check enabled by all modern browsers.
and usually fail, if the server does not respond with Access-control headers.
In case of a fetch too, since you are basically fiddling with Javascript ,
You Need the Server to respond with Access-control-Allow-Origin Headers, which are flexible.
You Can not do Much about it Unless, the API itself bees flexible and more open.
You however can Use fetch with mode set to no-cors
IFFF you only wish to cache the result of the request you make, to serve as a response, and not consume it yourself
Read Opaque Responses
No-CORS Definition
no-cors — Prevents the method from being anything other than HEAD, GET or POST. If any ServiceWorkers intercept these requests, they may not add or override any headers except for these. In addition, JavaScript may not access any properties of the resulting Response. This ensures that ServiceWorkers do not affect the semantics of the Web and prevents security and privacy issues arising from leaking data across domains