2

The World Community Grid API docs indicate that team data can be fetched in JSON or XML. I've only managed to get XML out by tacking on xml=true or format=xml. I can view that data directly in my browser.

Great. Now I need to fetch it onto my own site's page. However, when I try to get the data with d3.xml(), the browser console displays:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

Not so great. Further investigation of the headers from WCG show:

Server: Apache
X-Powered-By: Servlet/3.0
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 17684
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; img-src * data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com;
Content-Type: text/xml; charset=UTF-8
Content-Language: en-US
Connection: close

Is WCG essentially saying, "No CORS for you?" or is there a better ways I should be fetching the data from the client side? I'd rather not have to fetch/store/proxy this data through my webserver.

I'm also hoping someone out there will have a link to better docs or examples on using the WCG API. Information seems to be sparse.

Thanks!

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Bill
  • 518
  • 5
  • 10
  • 1
    Yeah, WCG is saying *"No CORS for you"*. It’s anybody’s guess whether they’re intentionally disallowing CORS or whether they’re just being lazy. But as long as you’re not sending credentials in the request, you can work around it by using an open public CORS proxy. For details, see the *How to use a CORS proxy to get around “No Access-Control-Allow-Origin header” problems* section of the answer at https://stackoverflow.com/a/43881141/441757 And if you have a Heroku account, in literally only 2 or 3 minutes you can set up your own such proxy. Details about that are also in that answer – sideshowbarker May 23 '18 at 03:22
  • @sideshowbarker that's a very complete answer. Do you believe I can safely dupe hammer this question? – Gerardo Furtado May 23 '18 at 03:30
  • Yeah, I think you could close this as a duplicate of that. Or if you’re not able to yet as far as Stack Overflow perms go, lemme know and I can – sideshowbarker May 23 '18 at 03:31
  • @sideshowbarker unfortunately you can't, you still have some 150 [tag:cors] upvotes to receive until you can do it :-). – Gerardo Furtado May 23 '18 at 03:33
  • @GerardoFurtado ah thanks much! – sideshowbarker May 23 '18 at 03:39
  • @sideshowbarker Thanks. It's a dupe because I obviously didn't know what question to ask yet. Perhaps I was just being overly-specific. Regardless, very helpful; always learning. – Bill May 24 '18 at 07:25

0 Answers0