Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-Origin Request blocked error while using Firefox/Safari #137

Open
swapna06 opened this issue Feb 29, 2024 · 0 comments
Open

Cross-Origin Request blocked error while using Firefox/Safari #137

swapna06 opened this issue Feb 29, 2024 · 0 comments

Comments

@swapna06
Copy link

swapna06 commented Feb 29, 2024
edited
Loading

Hi, Im getting below error when I tried using bitbucket.workspaces.getWorkspaces()
But im sure the issue exists in all the API calls.

Here is the error message

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.bitbucket.org/2.0/workspaces?pagelen=100. 

(Reason: header ‘user-agent’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response)

Upon looking up the code it seems like you are explicitly adding user-agent header to the request.
https://github.com/MunifTanjim/node-bitbucket/blob/master/src/endpoint/defaults.ts#L11

It doesn't look like this is compatible with browsers. I get the same error in Safari as well.
Chrome is being smart and stripping/ignoring to send this header in the request.
So the code works in Chrome but not in other browsers.

Further more I tried to use plain fetch APIs on browser to see if this is an issue is on bitbucket API side.
Using plain Fetch API works but using the library to make the same APi call doesn't work.

I'm attaching the comparison of fetch requests made by the library vs regular here. Hope this helps!

The fetch API call im using- (THIS WORKS)

await fetch('https://api.bitbucket.org/2.0/workspaces?pagelen=100', {
      headers: {
        // "User-Agent": "bitbucket.js/2.11.0", removing this to try in firefox
        Accept: 'application/json',
        'Accept-Language': 'en-US,en;q=0.5',
        authorization: 'Basic <OmittedAppTokenForSecurity>',
        'Sec-Fetch-Dest': 'empty',
        'Sec-Fetch-Mode': 'cors',
        'Sec-Fetch-Site': 'cross-site',
      },
      method: 'GET',
      mode: 'cors',
    });

VS
The network call made by the library- (THIS DOESNT WORK)

await fetch("https://api.bitbucket.org/2.0/workspaces?pagelen=100", {
  "credentials": "include",
  "headers": {
      "User-Agent": "bitbucket.js/2.11.0",
      "Accept": "application/json",
      "Accept-Language": "en-US,en;q=0.5",
      "authorization": "Basic <OmittedAppTokenForSecurity>",
      "Sec-Fetch-Dest": "empty",
      "Sec-Fetch-Mode": "cors",
      "Sec-Fetch-Site": "cross-site",
      "If-None-Match": "\"9a8039d8cac42bdebefe28aff6ff7f98\""
  },
  "referrer": "https://281422712546-gluestudio.us-west-2.console.aws-dev.amazon.com/",
  "method": "GET",
  "mode": "cors"
});

Is there a way to override these headers on our side?? Like a headers parameter we can pass to the API functions??
Let me know thanks!!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@swapna06