[OSM-dev] Sudden CORS Error on Open Street Map API calls

Shruti Dixit shruti.dixit at rib-software.com
Wed Aug 2 12:19:38 UTC 2023 

Hi,

Can we have more details about the same?
Till the day before it was working fine. Because nothing has changed in a production environment.

It suddenly stopped working from a particular domain. In other domains, it is working without any issues.

Following is the error we are getting after making use of search/reverse-search api:

[cid:image001.png at 01D9C569.D23A14C0]


Shruti Dixit  Software Engineer


Email  shruti.dixit at rib-software.com


Phone  +91 253 6633999


[cid:blue-line_d40935b2-037b-4887-8d74-19a11bd1363f.png]


RIB Software | C1/1, A Road, NICE Area, Satpur, Nashik, Maharashtra, 422007, India


From: Nils Nolde <nils at gis-ops.com>
Sent: 02 August 2023 16:12
To: dev at openstreetmap.org
Subject: Re: [OSM-dev] Sudden CORS Error on Open Street Map API calls


[External email: Use caution with links and attachments]

________________________________



If a browser wants to do CORS on GET, then it's usually some unneeded request header causing that. See the CORS-safelisted request headers here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests

Cheers
Nils
On 02.08.23 12:32, Sarah Hoffmann via dev wrote:

On Wed, Aug 02, 2023 at 07:35:14AM +0000, Shruti Dixit via dev wrote:

Hi all,

·

We have implemented Open Street Map and It works great though.

·

We are facing some challenges while accessing Open Street Map API from our endpoint.

·

The error is as follows: CORS Error :

·

Access to XMLHttpRequest at 'https://nominatim.openstreetmap.org/search?                        format=json&q=vvvvv&limit=4' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight    response.

This looks good here:



me at machine:~/osm$ curl -I -X OPTIONS -H "Access-Control-Request-Method: GET" -H "Origin: http://  localhost:4200" "https://dulcy.openstreetmap.org/search?format=json&q=vvvvv&limit=4"<https://dulcy.openstreetmap.org/search?format=json&q=vvvvv&limit=4>

HTTP/2 204

server: nginx

date: Wed, 02 Aug 2023 10:16:54 GMT

content-type: text/plain charset=UTF-8

access-control-allow-origin: *

access-control-allow-methods: GET,OPTIONS



You need to be more specific about what you are doing and what CORS

headers exactly your software is expecting. The only recent change is

that we don't send access-control-allow-methods anymore with GET

requests but that should be according to spec.



We also send a 204 instead of 200 but that really shouldn't trip your

code.



Sarah



_______________________________________________

dev mailing list

dev at openstreetmap.org<mailto:dev at openstreetmap.org>

https://lists.openstreetmap.org/listinfo/dev
--
Nils Nolde
Developer / Co-Founder
Website:  https://gis-ops.com<https://gis-ops.com/>
Email:  nils at gis-ops.com<mailto:nils at gis-ops.com>
Phone:  +49 (0)178 5161 595 <tel%20+491785161595>
Mühlenstraße 8 a, 14167 Berlin <https://valhalla.openstreetmap.de/directions?profile=bicycle&wps=13.2618285%2C52.4299717>
[https://s3.eu-central-1.amazonaws.com/mysigmail/icons/new/github.png]<https://github.com/nilsnolde>
[https://s3.eu-central-1.amazonaws.com/mysigmail/icons/new/linkedin.png]<https://www.linkedin.com/in/nils-nolde-geophox/>
[https://www.iconsdb.com/icons/preview/white/twitter-xxl.png]<https://twitter.com/gis_ops>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20230802/61bd0e28/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 50288 bytes
Desc: image001.png
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20230802/61bd0e28/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blue-line_d40935b2-037b-4887-8d74-19a11bd1363f.png
Type: image/png
Size: 137 bytes
Desc: blue-line_d40935b2-037b-4887-8d74-19a11bd1363f.png
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20230802/61bd0e28/attachment-0003.png>

More information about the dev mailing list