AccountsClient icon indicating copy to clipboard operation
AccountsClient copied to clipboard
verified publisher icon Mojang

Allow cross origin requests

Open TomCaserta opened this issue 11 years ago • 7 comments

Whilst the API is just for retrieving account UUIDs can you please allow cross origin requests from browsers:

http://enable-cors.org/

Thanks,

TomCaserta avatar Mar 21 '14 12:03 TomCaserta

Seconded. This is important.

ezfe avatar Mar 21 '14 15:03 ezfe

Any update on this?

TomCaserta avatar Jun 12 '15 10:06 TomCaserta

fuck you mojang. 5 years later and still this shit

Kars1090 avatar Sep 15 '19 23:09 Kars1090

fuck you mojang. 5 years later and still this shit

Well, it's Microsoft now

ionFreeman avatar Dec 28 '19 21:12 ionFreeman

@github/Mojang U SUCK Can you just allow cross-origin requests? This is getting annoying. There's a "public" API, but other sites cannot use it because you restricted it. Dude, this API is useless if it's not accessible. (I know there's a server-side proxy solution, but that requires a server) Not developer-friendly stuff.

I think the problem is they dunno what happened and what is CORS. Lemme explain: Browsers has a new CORS restriction where XMLHTTP request cannot get a request from a different origin without special http header (so this is known as cross-origin resource sharing(CORS) restriction). For example, when a client(browser) load a webpage, it send a request from let's say "domainA.com", then domainA returns the webpage content, as well as other resources such as images, audio files, and scripts. XMLHTTP request is a constructor that includes the function(yes, I'm full stack JS developer) to send a http request to a server to get resources and API responses. Becasue of security issue(this security part I don't totally understand), browser doesn't allow XMLHTTP request from other domains, unless CORS is allowed. Let's take the example again, a webpage of domainA.com wants to call an API request to domainB.com, so a XMLHTTP request is sent. As the response goes in, browser evaluates the response for security. As it founds that domainB.com is different domain from domainA.com, it blocks it for whatever reason, and that means no API response. The way to fix it is to (1) Use server-side proxy. Take the example again, webpage of domainA.com send a request to server of domainA.com, and that server is coded to have an API to grab resources from domainB.com, and then send it to the webpage. However, that requires a working API, which means an always active server and that is hard for static website. There comes a solution (2), CORS. With the example again, the browser evaluates the http response when it loads, so that's when it got blocks. If domainB.com can add a tag in header: Access-Control-Allow-Origin:, which means that any site can get my sources so browser doesn't block https request during response evaluation and cause CORS error

Edit 1: Fix grammar ofc Edit 2: Add how to fix Edit 3: Fix grammar...

Froxcey avatar Sep 06 '20 08:09 Froxcey

Why is it called a Public Api if you cant access it

AhsabAli2000 avatar Feb 04 '21 14:02 AhsabAli2000

Guys I found https://api.ashcon.app/mojang/v2/user/Notch, I don't know how reliable it is but it has everything in one request.

pikachub2005 avatar Dec 07 '21 15:12 pikachub2005