<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Can we have more details about the same?<o:p></o:p></p>
<p class="MsoNormal">Till the day before it was working fine. Because nothing has changed in a production environment.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It suddenly stopped working from a particular domain. In other domains, it is working without any issues.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Following is the error we are getting after making use of search/reverse-search api:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img width="1077" height="244" style="width:11.2187in;height:2.5416in" id="Picture_x0020_1" src="cid:image001.png@01D9C569.D23A14C0"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table style="font-family: Arial; width: 440px;" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td class="" style="font-family: Arial; width: 440px; text-align: left; padding: 0px 0px 2px;" valign="bottom" rowspan="1" colspan="1">
<p style="margin: 0.1px"><span style="font-weight: bolder; color: rgb(0, 103, 177); font-family: Arial; font-size: 11pt;">Shruti Dixit </span><span style="color: rgb(98, 100, 105); font-family: Arial; font-size: 8pt;">Software Engineer</span><br></p>
</td>
</tr>
<tr>
<td valign="bottom" colspan="1" style="width: 440px; text-align: left; padding: 0px 0px 2px;" class="">
<p style="margin: 0.1px"><span style="font-size: 8pt; color: rgb(0, 103, 177); font-family: Arial; font-weight: bolder;">Email</span><span style="font-size: 8pt; color: rgb(0, 103, 177);"> </span><span style="font-size: 8pt; font-family: Arial; color: rgb(99, 99, 100);"> shruti.dixit@rib-software.com</span><br>
</p>
</td>
</tr>
<tr>
<td valign="bottom" colspan="1" style="width: 440px; text-align: left; padding: 0px 0px 2px;" class="">
<p style="margin: 0.1px"><span style="font-family: Arial;"><b style="color: rgb(0, 103, 177); font-size: 8pt; font-weight: bolder;"></b></span><b><span style="color: rgb(0, 103, 177); font-family: Arial; font-size: 8pt;">Phone</span></b><span style="font-size: 8pt; color: rgb(98, 100, 105);"><span style="color: rgb(0, 103, 177);"> </span></span><span style="font-size: 8pt; color: rgb(99, 99, 100);"><span style="color: rgb(98, 100, 105);"> </span>+91 253 6633999</span></p>
</td>
</tr>
<tr>
<td valign="top" colspan="1" style="width: 440px; font-family: Arial;" class="">
<p style="margin: 0.1px"><img src="cid:blue-line_d40935b2-037b-4887-8d74-19a11bd1363f.png" id="0.xxu7q7wl0ps" alt="blue-line.png" border="0"></p>
</td>
</tr>
<tr>
<td valign="top" colspan="1" style="width: 440px; font-family: Arial;" class="">
<p style="text-align: left; margin: 0.1px;"><span style="font-size: 8pt;"><span style="color: rgb(98, 100, 105);"><b>RIB Software</b></span></span><span style="color: rgb(98, 100, 105); font-size: 8pt;"><span style="color: rgb(98, 100, 105); font-size: 8pt;"> | C1/1, A Road, NICE Area, Satpur, Nashik, Maharashtra, 422007, India<br></span></span></p>
</td>
</tr>
</tbody>
</table>
<p><br></p><div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> Nils Nolde <nils@gis-ops.com> <br>
<b>Sent:</b> 02 August 2023 16:12<br>
<b>To:</b> dev@openstreetmap.org<br>
<b>Subject:</b> Re: [OSM-dev] Sudden CORS Error on Open Street Map API calls<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="color:red">[External email: Use caution with links and attachments]
</span><o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p> <o:p></o:p></p>
<div>
<p>If a browser wants to do CORS on GET, then it's usually some unneeded request header causing that. See the CORS-safelisted request headers here:
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests">
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests</a><o:p></o:p></p>
<p>Cheers<br>
Nils<o:p></o:p></p>
<div>
<p class="MsoNormal">On 02.08.23 12:32, Sarah Hoffmann via dev wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>On Wed, Aug 02, 2023 at 07:35:14AM +0000, Shruti Dixit via dev wrote:<o:p></o:p></pre>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>Hi all,<o:p></o:p></pre>
<pre>·<o:p></o:p></pre>
<pre>We have implemented Open Street Map and It works great though.<o:p></o:p></pre>
<pre>·<o:p></o:p></pre>
<pre>We are facing some challenges while accessing Open Street Map API from our endpoint.<o:p></o:p></pre>
<pre>·<o:p></o:p></pre>
<pre>The error is as follows: CORS Error :<o:p></o:p></pre>
<pre>·<o:p></o:p></pre>
<pre>Access to XMLHttpRequest at '<a href="https://nominatim.openstreetmap.org/search">https://nominatim.openstreetmap.org/search</a>? format=json&q=vvvvv&limit=4' from origin '<a href="http://localhost:4200">http://localhost:4200</a>' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.<o:p></o:p></pre>
</blockquote>
<pre>This looks good here:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>me@machine:~/osm$ curl -I -X OPTIONS -H "Access-Control-Request-Method: GET" -H "Origin: http:// localhost:4200" <a href="https://dulcy.openstreetmap.org/search?format=json&q=vvvvv&limit=4">"https://dulcy.openstreetmap.org/search?format=json&q=vvvvv&limit=4"</a><o:p></o:p></pre>
<pre>HTTP/2 204<o:p></o:p></pre>
<pre>server: nginx<o:p></o:p></pre>
<pre>date: Wed, 02 Aug 2023 10:16:54 GMT<o:p></o:p></pre>
<pre>content-type: text/plain charset=UTF-8<o:p></o:p></pre>
<pre>access-control-allow-origin: *<o:p></o:p></pre>
<pre>access-control-allow-methods: GET,OPTIONS<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>You need to be more specific about what you are doing and what CORS<o:p></o:p></pre>
<pre>headers exactly your software is expecting. The only recent change is<o:p></o:p></pre>
<pre>that we don't send access-control-allow-methods anymore with GET<o:p></o:p></pre>
<pre>requests but that should be according to spec.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>We also send a 204 instead of 200 but that really shouldn't trip your<o:p></o:p></pre>
<pre>code.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sarah<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>dev mailing list<o:p></o:p></pre>
<pre><a href="mailto:dev@openstreetmap.org">dev@openstreetmap.org</a><o:p></o:p></pre>
<pre><a href="https://lists.openstreetmap.org/listinfo/dev">https://lists.openstreetmap.org/listinfo/dev</a><o:p></o:p></pre>
</blockquote>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div style="margin-left:11.25pt;display:flex;flex-direction: column">
<div>
<p class="MsoNormal"><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#7357F9">Nils Nolde</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif">
<o:p></o:p></span></p>
</div>
<div style="margin-top:3.75pt">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Developer / Co-Founder<o:p></o:p></span></p>
</div>
<div style="margin-top:9.0pt">
<div style="margin-bottom:3.0pt;display:flex;justify-content: space-between">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#7357F9">Website: </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="https://gis-ops.com/"><span style="color:#010101;text-decoration:none">https://gis-ops.com</span></a>
<o:p></o:p></span></p>
</div>
<div style="margin-bottom:3.0pt;display:flex;justify-content: space-between">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#7357F9">Email: </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="mailto:nils@gis-ops.com"><span style="color:#010101;text-decoration:none">nils@gis-ops.com</span></a>
<o:p></o:p></span></p>
</div>
<div style="margin-bottom:3.0pt;display:flex;justify-content: space-between">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#7357F9">Phone: </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="tel%20+491785161595"><span style="color:#010101;text-decoration:none">+49
(0)178 5161 595 </span></a><o:p></o:p></span></p>
</div>
<div style="margin-bottom:3.0pt;display:flex;justify-content: space-between">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="https://valhalla.openstreetmap.de/directions?profile=bicycle&wps=13.2618285%2C52.4299717"><span style="color:#7357F9;text-decoration:none">Mühlenstraße 8 a, 14167 Berlin
</span></a><o:p></o:p></span></p>
</div>
</div>
<div style="margin-top:2.25pt;display:flex;gap: 6px;justify-content: start">
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://github.com/nilsnolde"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="_x0000_i1026" src="https://s3.eu-central-1.amazonaws.com/mysigmail/icons/new/github.png" alt="social-icon-github"></span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://www.linkedin.com/in/nils-nolde-geophox/"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="_x0000_i1027" src="https://s3.eu-central-1.amazonaws.com/mysigmail/icons/new/linkedin.png" alt="social-icon-linkedin"></span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://twitter.com/gis_ops"><span style="background:#7357F9;text-decoration:none"><img border="0" width="14" height="14" style="width:.1458in;height:.1458in" id="_x0000_i1028" src="https://www.iconsdb.com/icons/preview/white/twitter-xxl.png" alt="social-icon-github"></span></a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>