Family Tree - Geni

Log In

Email:

Password:

visibility

Don't know your password?

Security Code:

Trust this computer

Log In with Facebook

Reply |

Start a new discussion topic

Developer Forum » Unable to request with fetch in javascript

Started by Ihárosi Wiktor on 5/1/2022

Displaying all 3 messages

	Ihárosi Wiktor 5/1/2022 at 2:55 Report	I would like to respect the rate limits for the api calls in my js app. They are presented in the response headers. But unfortunately with JSONP, it is impossible to read these headers. I tried the api calls with fetch, but then I got error: "Access to fetch at 'https://www.geni.com/api/...' from origin 'https://mydomain.example' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." I set the "Site Domain" to mydomain.example in my app settings, but there is no Allow-Origin header in the request. How could I access to the X-Api-Rate headers in javascript in other ways? Thank you!
	Mike Stangel 5/2/2022 at 20:05 Report	Hi, are you using the JavaScript SDK at https://www.geni.com/platform/developer/help/sdk_js?version=1 ? Also, I noticed your app is registered with http but your site redirects to https -- I would suggest you update your app on Geni to reflect the https protocol. Lastly, I see you're passing "Sec-Fetch-Mode no-cors" in the headers, did that resolve the issue for you? (we might still need to revisit how this works, I think we tightened the CORS security since publishing the API documentation)
	Ihárosi Wiktor 5/3/2022 at 1:30 Report	Hello Mike, Thank you for quick answer. :) >are you using the JavaScript SDK No, I don't use it. I implemented the app without it. But I checked the sdk and it uses jsonp also, not fetch. I use this simple polyfill to use jsonp with fetch-like syntax. https://github.com/camsong/fetch-jsonp/blob/master/src/fetch-jsonp.js >Also, I noticed your app is registered with http but your site redirects to https That's right, I did not notice this. Thank you, I updated. But this doesn't solve the fetch problem. There are no Access-Control-Allow-Origin header in the api response. >I see you're passing "Sec-Fetch-Mode no-cors" in the headers, did that resolve the issue for you? I think this is a default browser header when using plain javascript script tag to inject the jsonp. I did not set this header in the script, so unfortunately, it did not resolve the issue. >we might still need to revisit how this works Thank you!

English (US) eesti Svenska Español (España) Français עברית Norsk (bokmål) dansk Nederlands Deutsch »

rails-1a-000