GiphyAPI icon indicating copy to clipboard operation
GiphyAPI copied to clipboard

Published 20 hours ago verified publisher icon Giphy

CORS for oEmbed

Open cpwinn opened this issue 6 years ago • 5 comments

When calling the oEmbed provider from JavaScript in a browser there are no CORS headers in the response. This obviously causes the browser to block the request. Any chance we can get a response header like the following?

Access-Control-Allow-Origin: "*"

This happens with all oEmbed requests but here is an example url:

https://giphy.com/services/oembed?url=https%3A%2F%2Fgiphy.com%2Fgifs%2Fcant-hardly-wait-kW8mnYSNkUYKc

and the full requst:

var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
  if (xhr.readyState === 4) {
    console.log(xhr.response);
  }
}
xhr.open('GET', 'https://giphy.com/services/oembed?url=https%3A%2F%2Fgiphy.com%2Fgifs%2Fcant-hardly-wait-kW8mnYSNkUYKc');
xhr.send();

cpwinn avatar Dec 05 '18 21:12 cpwinn

I ran into this with a PHP library I have been using for years to get the oembed... now it returns the image saying "are you a robot?"

https://github.com/oscarotero/Embed/issues/185#issuecomment-490663024

l0c0luke avatar May 09 '19 14:05 l0c0luke

Hey @cpwinn

We we made changes to CORS header management fairly recently. Please give this a try again and feel free to open the issue if needed. Hopefully those fixes help.

Thanks.

shwetaatgiphy avatar Oct 14 '20 18:10 shwetaatgiphy

@shwetaatgiphy Looks like this issue is unchanged. You can run the code snippet above in a browser console to reproduce it.

cpwinn avatar Oct 14 '20 19:10 cpwinn

Gottit, thanks for taking a look @cpwinn! I'll forward this to the relevant team now & reach out with any updates they may have

shwetaatgiphy avatar Oct 14 '20 19:10 shwetaatgiphy

@shwetaatgiphy do you have any updates on this issue?

cbieser avatar Feb 19 '21 11:02 cbieser