CORS issue in webclient

Schleevoigt · September 1, 2023, 8:54am

export default class Isochrone {
    constructor(lanr) {
        (async () => {
            let client = new Openrouteservice.Isochrones({ api_key: ORS_KEY });
            try {
                let response = await client.calculate({
                    locations: [[8.690958, 49.404662], [8.687868, 49.390139]],
                    profile: 'driving-car',
                    range: [600],
                })
            } catch (err) {
                console.log(err)
            }
        })();
    }
}

This basic code throws exception (CORS-Kopfzeile ‘Access-Control-Allow-Origin’ fehlt). Statuscode: 503.

This is an issue on server side. Without he header line in answer it is impossible to use this SDK in browser ;-(

I’m using a valid token with quota. Here my request:

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: de,en-US;q=0.7,en;q=0.3
Authorization: VALID KEY
Connection: keep-alive
Content-Length:206
Content-type:application/json
Host: api.openrouteservice.org
Origin: http://rabe.kvhh.de
Referer: http://rabe.kvhh.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors

And here the response

content-length: 57
content-type: application/json
date: Fri, 01 Sep 2023 09:11:53 GMT
server: nginx/1.23.1
X-Firefox-Spdy: h2
x-generator: tyk.io

And:

Status: 403 Forbidden
Version: HTTP/2
Übertragen: 233 B (57 B Größe)
Referrer Policy: strict-origin-when-cross-origin

Remark. Our server is in intranet and not accessible from the world. Does it is a problem?

amandus · September 4, 2023, 12:11pm

Hi @Schleevoigt,

this is either a problem with your intranet, or you were running into the daily request limit, which also results in a 403 (minutely limit results in 429).

You could run the code snippet from outside your intranet to ensure it’s not the limit.

Best regards