CORS security error when running vscode live server in the browser

[bognar-dev]

Hallo, first of all thanks for this great api, I tried to build a little app/website for my use and when I try to run it in the browser I get a Cross-Origin Resource Sharing (CORS) error. Is there any solution to it?

[derhuerst]

If Deutsche Bahn's API used by db-prices doesn't have CORS enabled (maybe it does?), there is no easy fix for this. (This is the whole point of the CORS security model.)

You can either run db-prices on a server and expose it via a custom API. Or you can set up a CORS proxy specifically for the aforementioned API.

[simonhammes]

I tried to build a little app/website for my use

If you only need it to run on your own machine, you can install a browser extension to disable CORS.

[derhuerst]

If you only need it to run on your own machine, you can install a browser extension to disable CORS.

Note that, unless this browser extension only works for certain origins (more or less domains), this is highly discouraged! It will leave you exposed to various attacks, e.g. any page could query your Gmail inbox.

[simonhammes]

If you only need it to run on your own machine, you can install a browser extension to disable CORS.

Note that, unless this browser extension only works for certain origins (more or less domains), this is highly discouraged! It will leave you exposed to various attacks, e.g. any page could query your Gmail inbox.

You are correct. I should have added that warning myself.