Difference between SL Reseplanerare 3 and SL Platsuppslag
Hello,
I am having difficulty accessing some APIs such as SL Platsuppslag, but SL Reseplanerare 3 works fine with the exact same code executed from the same machine.
For SL Platsuppslag for instance, it seems it does not support CORS but SL Reseplanerare 3 does?
Namely this works:
let url = "https://api.sl.se/api2/TravelplannerV3/trip.json?lang=en&searchForArrival=0&key=" + self.apiKey + "&originId=" + stationA + "&destId=" + stationB;
fetch(url,{mode: 'cors', headers : {
'Accept': 'application/json',
'Origin' : 'https://app-settings.fitbitdevelopercontent.com'
}}).then(function(response) {
return response.json();
})
but this doesn't:
let url = "https://api.sl.se/api2/typeahead.json?key=" + self.acApiKey + "&searchstring=" + value + "&maxresults=4";
fetch(url, {mode: 'cors', headers: {
'Accept': 'application/json',
'Origin' : 'https://app-settings.fitbitdevelopercontent.com'
}}).then(function(response) {
Specifically I get this in my logs:
Fetch API cannot load https://api.sl.se/api2/typeahead.json?key=xyz&searchstring=edt&maxresults=4. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app-settings.fitbitdevelopercontent.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Am I missing anything?
Thanks
I am having difficulty accessing some APIs such as SL Platsuppslag, but SL Reseplanerare 3 works fine with the exact same code executed from the same machine.
For SL Platsuppslag for instance, it seems it does not support CORS but SL Reseplanerare 3 does?
Namely this works:
let url = "https://api.sl.se/api2/TravelplannerV3/trip.json?lang=en&searchForArrival=0&key=" + self.apiKey + "&originId=" + stationA + "&destId=" + stationB;
fetch(url,{mode: 'cors', headers : {
'Accept': 'application/json',
'Origin' : 'https://app-settings.fitbitdevelopercontent.com'
}}).then(function(response) {
return response.json();
})
but this doesn't:
let url = "https://api.sl.se/api2/typeahead.json?key=" + self.acApiKey + "&searchstring=" + value + "&maxresults=4";
fetch(url, {mode: 'cors', headers: {
'Accept': 'application/json',
'Origin' : 'https://app-settings.fitbitdevelopercontent.com'
}}).then(function(response) {
Specifically I get this in my logs:
Fetch API cannot load https://api.sl.se/api2/typeahead.json?key=xyz&searchstring=edt&maxresults=4. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app-settings.fitbitdevelopercontent.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Am I missing anything?
Thanks
Följ inlägget
0
följare
Thanks for a very good question! I'm not sure why one API supports CORS while another doesn't. I'm gonna assign the question to SL, it might be an oversight.
A bit off topic, and also targeted to people who will read this thread in the future, but please remember to be careful when using CORS. I was not personally involved during the decision to enable CORS for some APIs, but I'm guessing it was made so that people could launch a simple front-end application for personal use only. If you want to create a public application make sure not to send your API keys to clients.
// Kevin
Api.sl.se does not support CORS at the moment, and there is not decision to do so. It is likely that using it will have unpredictable results.
Regarding the difference in api's handling it we have not noticed it before and we will have a look at it, but you should not expect CORS to work.
Best regards
Erik B.
I have checked the headers from both api-calls.
Neither of them seem to return the Access-Control-Allow-Origin header which as I understand would be he case if CORS were enabled. Is there any specific reason for you to use mode: 'cors' on a "back-end" call? Have you tried to use mode: 'no-cors' as your error message suggests?
Best regards
Erik B.