rest.js icon indicating copy to clipboard operation
rest.js copied to clipboard

Published 20 hours ago verified publisher icon octokit

[blocked] github.repos.archive() & octokit.repos.uploadAsset() not working in browser due to CORS settings on codeload.github.com & uploads.github.com

Open gr2m opened this issue 6 years ago • 12 comments

github.repos.archive() sends a request to GET /repos/:owner/:repo/:archive_format/:ref which currently redirects to a URL such as https://codeload.github.com/octokit-fixture-org/tmp-scenario-get-archive-20180220222254019-9abgf/legacy.tar.gz/master (see @octokit/fixtures/scenarios/api.github.com/get-archive/raw-fixture.json#L336-L337)

https://codeload.github.com does not set the same CORS headers as https://api.github.com: It currently just sets Access-Control-Allow-Origin: https://render.githubusercontent.com instead of Access-Control-Allow-Origin: * (see @octokit/fixtures/scenarios/api.github.com/get-archive/raw-fixture.json#L378-L379)

octokit.repos.uploadAsset() is similar. It requires the url to be set to the upload_url returned by a release, which currently looks something like https://uploads.github.com/repos/octokit-fixture-org/tmp-scenario-release-assets-20180210174457916-n03dy/releases/9623307/assets{?name,label} (see @octokit/fixtures/scenarios/api.github.com/release-assets/raw-fixture.json#L322). https://uploads.github.com sets no Access-Control-Allow-Origin header at all: @octokit/fixtures/scenarios/api.github.com/release-assets/raw-fixture.json#L560-L595

gr2m avatar Feb 25 '18 03:02 gr2m

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 25 '18 04:03 stale[bot]

For now we should log better error messages in the browser for the affected methods

gr2m avatar Mar 25 '18 21:03 gr2m

I don't understand this CORS limitation on codeload.github.com: I'm not able to develop a website that should download (AJAX request) a zipball from my GitHub project for its data...

anthony-o avatar Mar 20 '20 00:03 anthony-o

Could you contact GitHub support and reference this issue? https://support.github.com/contact That will help to bump the priority

gr2m avatar Mar 20 '20 00:03 gr2m

is this a CORS problem? https://medium.com/netscape/hacking-it-out-when-cors-wont-let-you-be-great-35f6206cc646

shouldsee avatar Apr 06 '20 02:04 shouldsee

Yes

gr2m avatar Apr 06 '20 06:04 gr2m

I too am having the same issue when trying to do ajax requests for the zip file, has there been any update on this ticket?

jrigmaidenTechtonic avatar Apr 27 '20 17:04 jrigmaidenTechtonic

No, I'll update the issue once there is. But please support at https://support.github.com/contact to make them aware of your use cases and to bump the priority. I've been pushing for this for over two years now 🤷

gr2m avatar Apr 27 '20 18:04 gr2m

Created a support ticket for this. Also a major blocker for my team's application. I don't understand why this cannot be resolved on the GitHub API side.

jmcallister-msft avatar Mar 17 '21 19:03 jmcallister-msft

bumped into this cors issue today, can't download zipball with ajax

jimmywarting avatar Mar 04 '22 20:03 jimmywarting