Page 1 of 1

Mod Portal API - CORS error in Electron app

Posted: Tue Apr 20, 2021 8:18 pm
by IzaacJ
Hello.

I'm building an app using Electron+React to manage mods on my headless servers, however, when sending a request (using node-fetch) I'm getting a CORS error.

Is this a bug or is it intended? Seems to be a lot of tools out there using the API, and the same request works perfectly when made in the browser.

Re: Mod Portal API - CORS error in Electron app

Posted: Wed Apr 21, 2021 9:59 am
by Sanqui
As far as I'm concerned this is not a bug: we don't want random websites to be able to interact with these APIs from the browser. If you are developing a local application using Electron, I believe there are ways to override CORS.

I am open to arguments to convince me otherwise though :)

Re: Mod Portal API - CORS error in Electron app

Posted: Wed Apr 21, 2021 11:19 am
by eradicator
56jldt.jpg
56jldt.jpg (92.11 KiB) Viewed 1747 times

Re: Mod Portal API - CORS error in Electron app

Posted: Wed Apr 21, 2021 4:31 pm
by IzaacJ
Sanqui wrote: ↑
Wed Apr 21, 2021 9:59 am
As far as I'm concerned this is not a bug: we don't want random websites to be able to interact with these APIs from the browser. If you are developing a local application using Electron, I believe there are ways to override CORS.

I am open to arguments to convince me otherwise though :)
Good to know 🙂 Pretty new to React and Electron so I’ll definitely look up on how to do that.

So, no arguments from me 😁

Re: Mod Portal API - CORS error in Electron app

Posted: Wed Apr 21, 2021 8:59 pm
by ptx0
IzaacJ wrote: ↑
Wed Apr 21, 2021 4:31 pm
Sanqui wrote: ↑
Wed Apr 21, 2021 9:59 am
As far as I'm concerned this is not a bug: we don't want random websites to be able to interact with these APIs from the browser. If you are developing a local application using Electron, I believe there are ways to override CORS.

I am open to arguments to convince me otherwise though :)
Good to know 🙂 Pretty new to React and Electron so I’ll definitely look up on how to do that.

So, no arguments from me 😁
use Access-Control-Allow-Origin: *

another method would be to have a local PHP script that you call, which solely acts as a proxy to the remote API. then CORS is preserved.