1

I'm trying to do a simple http GET request to the rotten tomatoes API in my AngularJS application, but when I run it I get this in my browser console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.rottentomatoes.com/api/public/v1.0/movies/770672122.json?apikey=[myApiKey]. This can be fixed by moving the resource to the same domain or enabling CORS.

Note: the '[myApiKey]' is replaced with my actual key...

I've tried this with Chrome and Firefox, and while I know there are some parameters that you can attach when starting up Chrome to disable this, normal users won't know how to do this, so from a browser compatibility that option just isn't going to work for me. Also I've tried running my application from my Desktop as well as from a local instance of Tomcat.

So I see that this can be fixed by enabling CORS. Now how do I do this? Obviously I can't touch the Rotten Tomatoes servers so this has to be done from my side - the client.

  • 3
    CORS needs to be enabled on the server. You might have to write some proxy for this API. – MMM Jul 16 '14 at 08:40
  • According to this thread http://developer.rottentomatoes.com/forum/read/129615 someone has already requested this feature ... but they don't seem to respond to the request. – HaukurHaf Jul 16 '14 at 08:44
  • call the api from server side and access the server side from your client – iJade Jul 16 '14 at 08:44
  • So basically as it stands now, no one can create a Angular client for the Rotten Tomatoes API? They haven't responded to the feature request in 3 years, I'm guessing CORS will never be enabled on their side. –  Jul 16 '14 at 08:45
  • 2
    See if you can make a JSONP request http://stackoverflow.com/questions/19916362/angularjs-how-to-make-a-jsonp-request . API must support this to happen – Madhur Ahuja Jul 16 '14 at 08:51
  • You might find [this answer](http://http://stackoverflow.com/questions/24718762/access-an-api-from-local-server/24723161) useful, as it's a similar question. – Alex P Jul 16 '14 at 09:37

2 Answers2

2

You need to enable CORS on the server-side code by setting the Access-Control-Allow-Origin HTTP or by changing the web.config.

Fabio Milheiro
  • 8,100
  • 17
  • 57
  • 96
1

You need to make a JSONP request to the rottentomatoes API instead of normal JSON.

Peter
  • 6,509
  • 4
  • 30
  • 34