2

So, I completed a code challenge for an application I put in. In this process, I was told my code challenge was not accepted because it didn't resolve the CORS issue. I am frustrated by this because my understanding is that I cannot resolve the CORS response because I don't have access to their API to allow my client origin.

The GET request I sent through is blocked by the absence of pre-flight Access-Control-Allow-Origin header. I obviously cannot force the server to accept my request. With that said, it does go through in Postman without credentials. I understand that I can disable cors on the browser and it may have worked. I'm just not entirely sure what I could have done to resolve this and appreciate anything you can tell me to help me out with this.

Thanks

Omri Attiya
  • 3,917
  • 3
  • 19
  • 35
Stephen Kyle Dodd
  • 37
  • 4
  • 1
    Well, if they really mean it, I think all you could do is, build a proxy for their api, with CORS enabled, use this proxy api, then forward those requests to their API and send whatever they respond back to the client:) – hazimdikenli Dec 16 '20 at 16:50
  • 2
    This isn't a duplicate so I'm going to try and answer your question for you in the comments. Client side JavaScript is not allowed to access cross origin resources via either XMLHttpRequest() or fetch() without CORS credentials. But you can still access cross origin resources other ways. For example your server has no restrictions on what it can access which means your client side JavaScript can query your server and your server can proxy the request. JSONP also usually works cross origin without CORS credentials. That is unless there is a referer header check which is usually not the case. – PHP Guru Dec 16 '20 at 16:52
  • @PHPGuru — The answer to the duplicate question says all that. (Except it points out that JSONP **doesn't** usually work because it has to be explicitly implemented by the server the request is being made to) – Quentin Dec 16 '20 at 17:59
  • I really appreciate the responses guys! This was for a frontend role, so I really think the Sr. Dev didn't know what they were talking about. I don't think they would expect a Frontend dev to write a server to proxy the request. – Stephen Kyle Dodd Dec 16 '20 at 18:04
  • 1
    @Quentin Even if the answer is the same the question is different and warrants its own responses. Closing the question was unnecessary. – PHP Guru Dec 16 '20 at 18:24
  • JSONP stands for JSON with padding. You are correct that if a resource is not JSONP, cross origin access won't work without CORS. – PHP Guru Dec 16 '20 at 18:32
  • @PHPGuru — Both questions are "What can I do about a No 'Access-Control-Allow-Origin' header error?", just phrased slightly differently and this one eliminates a couple of possible solutions. That not a significant difference. The duplicate is a duplicate. – Quentin Dec 16 '20 at 18:47
  • 1
    The question you linked to is "What is stopping me from accessing the page?" which is a different question. – PHP Guru Dec 16 '20 at 19:56

0 Answers0