Add CORS headers to the PeeringDB API responses #78

Closed
emjemj opened this issue Nov 6, 2016 · 10 comments

@emjemj
Contributor

emjemj commented Nov 6, 2016

I was going to write a JavaScript widget that you could embed in any website, and for that I need Cross-Origin Resource Sharing. The Access-Control-Allow-Origin: * header should be added to API responses for this to work.

@grizz
Member

grizz commented Dec 1, 2016

Should be able to drop in django-cors-headers

grizz added the Time:Minor Up to 4 hours label Aug 17, 2017
vegu self-assigned this Nov 9, 2017
@vegu
Contributor

vegu commented Nov 21, 2017

fixed in 22679654

Added CORS headers for GET and OPTIONS requests to /api endpoints.

Access-Control-Allow-Credentials is currently set to False, meaning cookies will be ignored for such requests. Subject for further discussion.

@mrflix

mrflix commented Dec 11, 2017

Cool! It's great that you guys open up the db for CORS requests. Do you know when this change will go live? I just ran $.getJSON("https://www.peeringdb.com/api/net?asn=31078") which results in the following CORS error:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

@vegu
Contributor

vegu commented Dec 12, 2017

> Do you know when this change will go live?

There are no production releases planned for the remainder of 2017 - January seems likely.

vegu closed this as completed Jan 8, 2018
vegu added this to the Next Release milestone Jan 8, 2018
@natesales

natesales commented Jan 14, 2021

Looking at the milestone for 2.7.1 it looks like this was included - but I'm still getting a CORS error:

>> fetch("https://peeringdb.com/api/net?asn=34553")
Content Security Policy: The page’s settings blocked the loading of a resource at https://peeringdb.com/api/net?asn=34553 (“connect-src”).

Edit: My bad, it looks like this is actually an issue with Firefox CORS policy. It's working just fine on Chrome 87

@emileaben

I'm having similar issues trying to use PeeringDB JSON while making a notebook on observablehq.com that does a fetch from PeeringDB directly.
My code: https://observablehq.com/@emileaben/country-data-scraping works around this by using a proxy, which was a pain, and I still can't get a JSON fetch to work.

eaben@eaben-pro% curl -i "https://www.peeringdb.com/export/advanced-search/ix/json?country__in=TR&limit=250&depth=1"
HTTP/2 200 
date: Fri, 29 Jan 2021 12:06:43 GMT
content-type: application/json
content-length: 317
server: nginx
content-disposition: attachment; filename="advanced_search_export.json"
vary: Authorization, Accept-Language, Cookie
x-frame-options: SAMEORIGIN
content-language: en

{"results": [{"Name": "DE-CIX Istanbul", "Media Type": "Ethernet", "Country": "TR", "City": "Istanbul", "Networks": 37}, {"Name": "Turk-IX", "Media Type": "Ethernet", "Country": "TR", "City": "Istanbul", "Networks": 0}, {"Name": "TR-IX", "Media Type": "Ethernet", "Country": "TR", "City": "Istanbul", "Networks": 8}]}       

Looks like that doesn't have a CORS header; notably, 'Access-Control-Allow-Origin: *' is missing, as far as I understand CORS restrictions.

@arnoldnipper
Contributor

Any reason you don't use the API directly, @emileaben? I.e.

curl -sG https://peeringdb.com/api/ix --data-urlencode country=IN 

@emileaben

Because I tried to tackle this via the web UI. I went to advanced search, clicked around so I could search for IXPs in the country of choice, then found the download in JSON / CSV options.

I know there is an API, but it has a gazillion end-points that I got lost in, but once you have it figured out (like your example) it totally makes sense.

I've got my case solved. If you want to prevent people walking this path and getting stuck here (I'm not sure how special I am ;) ), it might make sense to have an 'API' option (green button) next to the download in CSV/JSON green buttons for the advanced search options in the web UI.

@emileaben

Also, for API directly I didn't see the relevant CORS headers either:

eaben@eaben-pro ~ % curl -isG https://peeringdb.com/api/ix --data-urlencode country=IN  | head 
HTTP/2 200 
date: Mon, 01 Feb 2021 09:59:36 GMT
content-type: application/json; charset=utf-8
content-length: 17281
server: nginx
allow: GET, POST, HEAD, OPTIONS
vary: Authorization, Accept-Language, Cookie
x-frame-options: SAMEORIGIN
content-language: en


@egfrank
Contributor

egfrank commented Feb 5, 2021

@emileaben For the curl requests, since there's no origin set on the request, we wouldn't expect to see an access-control-allow-origin in the response header.

We created an issue about the possibility of enabling CORS on the advanced search: #936

That issue will go through our normal process of approval / veto'ing and possibly end up in a future release.
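
The behaviour described in this thread (CORS headers on GET and OPTIONS requests to /api, credentials disabled, nothing added when the request has no Origin), as an added example that is not PeeringDB's code or part of any comment above. It is a simplified model of both the server and the browser check; the function names, the wildcard `Access-Control-Allow-Origin` value and the `https://widget.example` origin are assumptions.

```python
API_PREFIX = "/api/"                   # thread: headers added on /api endpoints
ALLOWED_METHODS = ("GET", "OPTIONS")   # thread: GET and OPTIONS requests only
ALLOW_CREDENTIALS = False              # thread: Allow-Credentials is False


def cors_response_headers(method, path, request_headers):
    """Server side: CORS headers attached to a response (assumed policy)."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}  # no Origin header, e.g. a plain curl request
    if not path.startswith(API_PREFIX) or method not in ALLOWED_METHODS:
        return {}  # e.g. /export/advanced-search/... is outside /api
    headers = {"Access-Control-Allow-Origin": "*"}  # assumed: wildcard origin
    if method == "OPTIONS":  # preflight reply advertises the allowed methods
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
    if ALLOW_CREDENTIALS:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def browser_allows_read(origin, response_headers, with_credentials=False):
    """Browser side: the CORS check applied before script may read the response."""
    allow_origin = response_headers.get("Access-Control-Allow-Origin")
    if allow_origin is None:
        return False  # "No 'Access-Control-Allow-Origin' header is present"
    if not with_credentials:
        return allow_origin in ("*", origin)
    # With cookies: "*" is rejected; the origin must match exactly and the
    # server must also send Access-Control-Allow-Credentials: true.
    allow_creds = response_headers.get("Access-Control-Allow-Credentials")
    return allow_origin == origin and allow_creds == "true"


def demo():
    """Run constructed requests through both sides; returns {case: readable}."""
    origin = "https://widget.example"  # constructed embedding page origin
    cases = {
        "GET /api/net": ("GET", "/api/net", False),
        "GET /api/net with cookies": ("GET", "/api/net", True),
        "POST /api/net": ("POST", "/api/net", False),
        "GET export": ("GET", "/export/advanced-search/ix/json", False),
    }
    return {
        name: browser_allows_read(
            origin, cors_response_headers(m, p, {"Origin": origin}), creds)
        for name, (m, p, creds) in cases.items()
    }

print(demo())
```

To see the headers from the command line against a real server, the request has to carry an Origin header, for example `curl -i -H 'Origin: https://widget.example' <url>`.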

9 participants