Request header field authorization is not allowed by Access-Control-Allow-Headers AND Accept-Encoding error

[muhammed671]

Hi,

im triyng to connect to the AOI but I get alwasy this issue:

Access to XMLHttpRequest at 'https://api.sandbox.ebay.com/identity/v1/oauth2/token' from origin 'http://localhost:8100' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Here is my code:

const eBayApi = require('@hendt/ebay-api')

const eBay = new eBayApi({
  appId: 'xxxxxxxxx',
  certId: 'xxxxxxxxx',
  devId: 'xxxxxxxx',
  sandbox: true,
  siteId: eBayApi.SiteId.EBAY_DE,
  marketplaceId:  eBayApi.MarketplaceId.EBAY_DE,
  acceptLanguage: eBayApi.Locale.en_DE, 
  contentLanguage: eBayApi.ContentLanguage.en_DE, 
});

const item = await eBay.buy.browse.getItem('v1|254188828753|0');
console.log(JSON.stringify(item, null, 2));

How I can solve this problem?

[dantio]

You have to use a proxy since you are using it from the browser. Take a look in browser examples and here https://hendt.github.io/ebay-api/

[muhammed671]

Thanks for the feedback

It's solved. I put this config (only for testing):

eBay.req.instance.interceptors.request.use((request) => {
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});

But now I have Accept-Encoding error:

This is my header:

  private httpOptions = {
    headers: new HttpHeaders({ 
      'Authorization': 'Basic ' + btoa(appId + ':' + certId),
      'Accept': 'application/json',
      'Content-Type': 'application/x-www-form-urlencoded',
      'Accept-Encoding': 'gzip',
      'Content-Encoding': 'gzip'
    })
  };

How I can solve this problem?

[dantio]

Why do set the headers? It's not required. Just take a look in the source code of the page I posted.

[muhammed671]

That's my full configuration. But same issiue with "Accept-Encoding"

import  eBayApi  from '@hendt/ebay-api';

const eBay = new eBayApi({
  appId: appId,
  certId: certId,
  sandbox: false,
});

eBay.req.instance.interceptors.request.use((request) => {
  // Add Proxy
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});

eBay.commerce.taxonomy.getCategoryTree('77').then(data=>console.log(data))

[dantio]

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@hendt/ebay-api@latest/lib/ebay-api.min.js"></script>
</head>
<body>
<script>
  
const eBay = new eBayApi({
  appId: '-',
  certId: '-'',
  sandbox: false,
});
  
eBay.req.instance.interceptors.request.use((request) => {
  request.url = 'https://ebay.hendt.workers.dev/' + request.url;
  return request;
});
  
  eBay.commerce.taxonomy.getCategoryTree('77').then(data=>console.log(data))
  </script>
</body>
</html>

Tested with Chrome and FF. Both works for me.

[dantio]

I'm able to reproduce the error now. I'm on it.

[dantio]

@muhammed671 v5.0.3 should fix this issue.

[muhammed671]

Thanks for fixing. In my local test envairment it looks good. Next step, needs to check it in production on the server with my own proxy.

I will let you know about the result.

[muhammed671]

It works also on production with own proxy.

Used Proxy Server:
https://github.com/Rob--W/cors-anywhere

@dantio Thanks for support and fixing the issue

[dantio]

Nice! Thank you, I'll add cors-anywhere to docs also.

[muhammed671]

Nice! Thank you, I'll add cors-anywhere to docs also.

Only for your Docs. The Proxy from Rob--W/cors-anywhere works very well with heroku.com