umami icon indicating copy to clipboard operation
umami copied to clipboard
Published 11 hours ago verified publisher icon umami-software

CORS Policy Issue with Umami Cloud API Access

Open jerryc127 opened this issue 1 year ago • 4 comments

Describe the Bug

I am writing to inquire about a CORS policy issue I encountered while attempting to use the Umami Cloud API. I am currently registered under the free plan, and I am attempting to access the API with the following code:

const ddf = async () => {
  let headersList = {
    "Accept": "application/json",
    "x-umami-api-key": "xxxx"
  }
 
  let response = await fetch("https://api.umami.is/v1/websites/54fdbb4b-9a17-4bef-9ede-73cbbbc12fa5/stats?startAt=0000000000&endAt=1723571288005", { 
    method: "GET",
    headers: headersList
  });
 
  let data = await response.text();
  console.log(data);
}
ddf();

However, when I attempt to execute this code, I am encountering the following error in the console:

Access to fetch at 'https://api.umami.is/v1/websites/54fdbb4b-9a17-4bef-9ede-73cbbbc12fa5/stats?startAt=0000000000&endAt=1723571288005' from origin 'https://xxxxx.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

could you provide guidance on how to resolve this issue?

Database

Umami Cloud

Relevant log output

No response

Which Umami version are you using? (if relevant)

No response

Which browser are you using? (if relevant)

Edge

How are you deploying your application? (if relevant)

No response

jerryc127 avatar Aug 14 '24 06:08 jerryc127

The API should work without with signing up for a pro plan. I was able to run your code without any issues only changing the website ID and API key. Have your tried running it with he various CORS headers?

franciscao633 avatar Aug 15 '24 16:08 franciscao633

This is the same case with self hosted.

I had to add these to apache config

        Header unset Access-Control-Allow-Origin
        Header always set Access-Control-Allow-Origin "<website you're trying to fetch from>"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]

MichaelBelgium avatar Aug 25 '24 11:08 MichaelBelgium

@jerryc127 We've pushed out a few updates. Are you still having issues?

mikecao avatar Aug 27 '24 21:08 mikecao

@jerryc127 We've pushed out a few updates. Are you still having issues?

yes, it another error

image

jerryc127 avatar Aug 28 '24 05:08 jerryc127

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Oct 28 '24 02:10 github-actions[bot]

Is there any solution?

jerryc127 avatar Nov 03 '24 06:11 jerryc127

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Jan 04 '25 01:01 github-actions[bot]

This issue was closed because it has been inactive for 7 days since being marked as stale.

github-actions[bot] avatar Jan 11 '25 02:01 github-actions[bot]

any fix for this?

nirnejak avatar Jan 16 '25 09:01 nirnejak

This problem seems to be not fixed yet @mikecao

jerryc127 avatar Feb 08 '25 08:02 jerryc127

Try again

mikecao avatar Feb 10 '25 05:02 mikecao