Hi all!
I have an issue with CORS when accessing the Rest API from within a Web-plugin. As explained here, it is very easy to get a Rest Authorization Token to execute API calls from the miro SDK. However, when attempting to get a REST resource (I was getting /v1/boards/{id}/user-connections), I get a CORS exception because I call the API from the domain of my plugin. (which of course runs inside miro.com)
Â
My understanding is that the only workaround is to make the call to the API from a server and not the browser, which would require my plugin to require a server, which has a big complexity addition - it would be much simpler if it could continue to be hosted as a static website on GitHub Pages.
Â
So my question:
- Is there a way that I am not aware of to circumvent this problem (other than hosting a server)?
- If there is not, would it be possible to set the Access-Control-Allow-Origin header on requests to * (or potentially more safe to a list of addresses that could be configured on the board or plugin?)
Thanks!
Max
Â
Error Message:
Access to fetch at 'https://api.miro.com/v1/boards/XXXXXXXXXX/user-connections?access_token=XXXXXXXXXXXXX' from origin 'https://XXXXXXXXXXXXXXX.ngrok.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Â
Best answer by Thor Mitchell
View original