2

I'm starting to despair. I run a Wordpress website where I call various rest API interfaces. The problem is that some of my calls are blocked. I have already edited in the various wp files (function.php, http.php, .htaccess, etc.) but without success. The problem persists, but the odd thing is that only certain API calls will be blocked.

These are two example calls:

var httpRequest1 = new XMLHttpRequest();
httpRequest1.open("GET", "https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd", false);
httpRequest1.send(null);
var jSONText1 = httpRequest1.responseText;

var httpRequest2 = new XMLHttpRequest();
httpRequest2.open("GET", "https://siamining.com/api/v1/network", false);
httpRequest2.send();
var jSONText2 = httpRequest2.responseText;

The first call works without problems and i get responding Json, but with the second I get the following error message:

Access to XMLHttpRequest at 'https://siamining.com/api/v1/network' from origin 'http://my-website.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

In various files I tried ,

Access-Control-Allow-Origin: *

to insert, but that was synonymous with no success. I do not understand what the difference between the two calls is and why the second one get blocked.

Varothem
  • 21
  • 4
  • The owner of api.coingecko.com allows you to grab the data with JavaScript, the owner of siamining.com doesn't. `Access-Control-Allow-Origin` would have to be set by the owner of the server/api and not you. Have a look at the related questions on the right. – Andreas Jun 11 '19 at 13:25

1 Answers1

1

The https://siamining.com/api/v1/network have the Access-Control-Allow-Origin header set to false.

The only way to circumvent it is to make the request server side having your own server that talks with siamining.com and from your wordpress javascript now you call your server endpoint that gives the reponse you want.

filipe
  • 1,957
  • 1
  • 10
  • 23