It appears that the allowed origins has changed, and I can no longer make cross origin requests through my website. When making a request, web browsers do a pre-flight OPTIONS with the following headers:
OPTIONS /segments.json?agencies=395 HTTP/1.1 Host: transloc-api-1-2.p.mashape.com User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: GET Access-Control-Request-Headers: x-mashape-key Origin: https://montclair.line72.net Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
This previously succeeded. The origin was accepted and the response came back with the Access-Control-Allow-Origin header. However, recently, this has stopped working, and only appears to work for a limited set of domains (origins). Through my testing, I have found the following origins are allowed:
Will this be opened back up to allow all origins? Without this, my web app cannot support the transloc api any more.
Thank you in advance.
Doe mee aan de discussie - voeg hieronder een opmerking toe