New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing required request header. Must specify one of: origin,x-requested-with #39
Comments
The Are you by any chance trying to use CORS Anywhere in a Chrome extension? |
No I'm not using Chrome extension, just prefixing "https://cors-anywhere.herokuapp.com/" to my URL |
It seems that the URL you're trying to proxy is currently not reachable via cors-anywhere.herokuapp.com When I locally start a new instance of CORS Anywhere, I do get a response. Maybe the website that you're trying to proxy has blocked all requests from the public CORS Anywhere services. Note: When you directly visit https://cors-anywhere.herokuapp.com/http://example.com via the browser, you'll see "Missing required request header. Must specify one of: origin,x-requested-with". This is intentional, the Origin header is only set by the browser for cross-origin requests. The purpose of requiring this header is to prevent the use of CORS Anywhere as a generic web proxy, because of security & performance. |
Thanks for help, I'm able to access other URLs using cors-anywhere proxy but not this particular URL. |
I have a similiar problem, my script works with Chrome but not with internet explorer - with IE 11 I get the |
@sprunge1 Example? |
I'm running cors anywhere on an internal network, it's working great for various internal servers that do status checks. I'm getting this error solely from my local installed gitlab server. My assumption is that server is rejecting the headers being sent by cors anywhere - here is the error i get in my browser console
I'm using the most basic cors anywhere client/server setup, so far i am able to query my router, redmine, jenkins, and a few other sites i'm running. It's only the gitlab server throwing the error, the page is returning JSON. Cors Anwyhere error when I view source is "Missing required request header. Must specify one of: origin,x-requested-with" |
@msudol You're likely trying to send a request to If you want to get the request to succeed anyway, add the |
Ok I don't have any solution for this it's just not redirecting |
I am having the same problem here: https://cors-anywhere.herokuapp.com/labs.bible.org/api/?passage=John+3:16-17 |
Maybe try this: |
The Currently, the only supported ways of using CORS Anywhere is:
If you cannot get the expected responses with the above methods, then one of the following could have happened:
|
|
@yoavgecht the strange thing is the request works in the demo. |
I'm using it from an extension. On firefox it run properly, adding the origin to the request:
But on chrome I get something like:
I've already "://cors-anywhere.herokuapp.com/" in my manifest.json permissions attribute. Any idea why? |
If you use it from an extension, then you don't need CORS Anywhere. Just add the host permissions to manifest.json, and then you can access a cross-origin resource without CORS. |
You're absolutely right. In fact just testing yesterday I "accidentally" (read, was trying everything) added cors-anywhere to the permission's attribute of the manifest json, and fetch wasn't sending the origin header anymore as, of course, it was treating is as "same-origin". The issue for me anyway is that I let the user insert an URL to a CSS file (that could be on github, gitlab, pastebin, whatever else) and I poll it like what stylus does for its styles. I could probably restrict the urls accepted to only some website to be honest and avoid using cors-anywhere. It's certainly something to consider. |
Thanks @sprunge1. I am able to use this successfully to access https://raw.githubusercontent.com content which was blocking me without it. |
var link = "https://www.example.com"; // Some link This is not working for me. I have tried with Heroku also but no luck. |
For anyone who stumbled upon this issue while trying to get this working through an
Note that it is important for some reason that |
@zanemcca Thank you so much. Adding those attributes solved this problem i've been working on for months |
what is x? |
See https://github.com/Rob--W/cors-anywhere/issues/39#issuecomment-387690291 |
Hi below is my code to download a pdf in my project there different clients domain and i can not download pdf with different domain. using pdfFile = "https://cors-anywhere.herokuapp.com/"+pdfFilePath this._myapiService.downloadBillAsPdf(pdfFile).subscribe(
public downloadFile(filepath, contentType): Observable {
} i am getting not fond on console and when i hit directly on browser its giving Missing required request header. Must specify one of: origin,x-requested-with |
I have this issue with the chrome extension. |
Add X-Requested-With to your headers. headers: { This should solve the problem. |
this url fails when I access it from ajax request.
Here is my code.
var x = new XMLHttpRequest();
x.open('GET', 'https://cors-anywhere.herokuapp.com/http://www.thecapitoltheatre.com/files/2016/01/squirrel1.jpg');
//x.setRequestHeader('x-requested-with', 'XMLHTTPREQUEST'); adding this also won't chang anyting.
//x.setRequestHeader('origin', 'http://localhost); if i do this browser throwing exception.(Refused to set unsafe header "origin",in Google Chrome)
x.responseType = 'blob';
x.onload = function () {..........};
x.onerror = function () {........}
The text was updated successfully, but these errors were encountered: