Comments (6)
This is unfortunately a recent change that Awair made (with no announcement or documentation). I will look at some possible changes I can make to handle this, but it really undermines the simplicity of the current approach. Below is the exchange I had with Awair support over the past two weeks.
Hi all,
Regarding the example response here: Awair Home & OAuth Developer APIs (getawair.com)
It shows that it has access control headers that would allow it to be called from other domains:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Accept-Encoding, Accept-Language, Host, Referer, User-Agent
Access-Control-Allow-Credentials: trueBut when calling the actual API the response doesn't have these headers. So calling it via Postman works (no CORS restrictions), but when called from an actual browser (in my case via WebAssembly: AwairBlazor (smklancher.github.io)), it is blocked with a CORS error.
Is something different needed for calling the API cross domain in the browser?
Is this related to blocking the PlanetWatch mentioned on twitter or something?Thanks for any help!
StephenHi Stephen,
Engineering reports that we donβt allow cross-domain resource sharing when calling the API from a web browser. This is our security policy. The majority of our API use cases are system-to-system integration. If you want to use the browser to call the API directly, you can consider using a browser proxy.
Thanks and Breathe Easy,
BenjaminHi Benjamin,
Thanks for the confirmation. My project has been calling it from the browser for more than two years. So, this is a new security policy, so it would have been nice if there had been something in public documentation announcing it. As I mentioned, your developer documentation provides example API responses and these examples specifically include the headers that do allow cross domain requests. You would want to change those to align with your new policy.
But either way I appreciate the confirmation.
Thanks!
StephenHi Stephen,
I'm passing on your feedback to engineers and it's really appreciated. They have mentioned an announcement coming up for any API changes. We want to be transparent and you all in the know just as much as we are!
Thanks and look out for an email in the coming weeks.
Breathe Easy,
Benjamin
from awairweb.
Argh, damn... Let's hope they provide a way to support the use of your web app.
from awairweb.
I deployed an instance of cors-anywhere to railway.app and am running the API calls through that now. I'm assuming there will never be enough traffic to go beyond railway's free usage.
Though there generally shouldn't be a need to change it, the setting should work with any CORS proxy that allows Authorization headers. The only working public one I found at the moment was thingproxy. So, for example, if my railway account hit the usage limit and I haven't gotten around to fixing it yet, the app would still be usable by changing the proxy setting to "https://thingproxy.freeboard.io/fetch/".
from awairweb.
Cool, thanks for quickly deploying this workaround. It is working now :)
By the way, are you planning to add the "Score" information? It would be very useful in case you just want a quick check the overall quality of your air.
from awairweb.
Not planning anything in general, but that's manageable enough: I've added it.
from awairweb.
This is perfect, thank you so much!
from awairweb.
Related Issues (17)
- Upgrade from 3.2.0 Preview 1 to 3.2.0 Preview 2
- Upgrade from 5.0 RC1 to 5.0 RC2
- Upgrade from 5.0 RC2 to 5.0
- Update ChartJS.Blazor to 2.0 HOT 1
- Upgrade to .NET 6.0 HOT 2
- Use preferred units HOT 1
- Suggestion: Add an overview page HOT 3
- Awair API dead HOT 1
- Upgrade from 3.2.0 Preview 2 to 3.2.0 Preview 3
- Upgrade from 3.2.0 Preview 3 to 3.2.0 Preview 4
- Upgrade from 3.2.0 Preview 4 to 3.2.0 Preview 5
- Failed to find a valid digest in the 'integrity' attribute for resource
- Upgrade from 3.2.0 Preview 5 to 3.2.0 RC
- Upgrade from 3.2 RC to 3.2 Release
- Upgrade from 3.2 to 5.0 RC1 HOT 2
- Consider Azure Static Web App
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from awairweb.