jqbx-issues icon indicating copy to clipboard operation
jqbx-issues copied to clipboard
verified publisher icon JasonZigelbaum

CORS error on login

Open lorenzleutgeb opened this issue 6 years ago • 3 comments

Loading app.jqbx.fm hangs showing "Logging in...". The console shows:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.spotify.com/v1/me. (Reason: CORS request did not succeed).

I am using Firefox 71 on Fedora Linux.

lorenzleutgeb avatar Jan 07 '20 16:01 lorenzleutgeb

Thanks for the info. Can you try again? That looks like a Spotify issue. Alternatively, what browser are you using? Do you have your security settings set to be very strict? This could also be causing the issue.

On Tue, Jan 7, 2020 at 11:25 AM Lorenz Leutgeb [email protected] wrote:

Loading app.jqbx.fm hangs showing "Logging in...". The console shows:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.spotify.com/v1/me. (Reason: CORS request did not succeed).

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/JasonZigelbaum/jqbx-issues/issues/187?email_source=notifications&email_token=AAGIOSOMG3YA4PKB3DYGEMTQ4SUHPA5CNFSM4KD3WZ4KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IERCNMA, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGIOSMKOI4KILSCMSRRGJ3Q4SUHPANCNFSM4KD3WZ4A .

JasonZigelbaum avatar Jan 07 '20 16:01 JasonZigelbaum

It seems that you replied via e-mail directly and therefore did not notice that I already specified which browser I am using in the initial comment. I added this information by editing the initial comment, which does not trigger GitHub to send another e-mail.

I do not think that any (user-friendly, GUI) security settings in Firefox will change it's behaviour regarding CORS. The only ways to do this that I know of are extensions like "CORS Everywhere" ("CorsE") and messing around in about:config (see also this question on StackOverflow). Neither of the two options will be accepted by a large number of users, so even though they work around the issue, you will end up with many potential users getting frustrated with your product.

I am wondering whether you could/should do the requests to api.spotify.com on your server instead of the browser. You would not have any problems with CORS this way.

lorenzleutgeb avatar Jan 08 '20 13:01 lorenzleutgeb

So I just checked and the app is working for me on FF 71 on my Mac. Can you try w/ google chrome or some other browser to confirm whether or not it's a browser specific thing?

Re: using a proxy to call the api calls via the server. Yes that would work as well and perhaps should have started off that way but it's been a long time. Plus a lot of the Spotify resources are for client side implementations / libraries. So what I'm saying is that there shouldn't be an issue w/ CORS for anyone since the Spotify API seems to be agnostic about where it gets called.

JasonZigelbaum avatar Jan 08 '20 15:01 JasonZigelbaum