It appears that the allowed origins has changed, and I can no longer make cross origin requests through my website. When making a request, web browsers do a pre-flight OPTIONS with the following headers:
OPTIONS /segments.json?agencies=395 HTTP/1.1 Host: transloc-api-1-2.p.mashape.com User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: GET Access-Control-Request-Headers: x-mashape-key Origin: https://montclair.line72.net Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
This previously succeeded. The origin was accepted and the response came back with the Access-Control-Allow-Origin header. However, recently, this has stopped working, and only appears to work for a limited set of domains (origins). Through my testing, I have found the following origins are allowed:
Will this be opened back up to allow all origins? Without this, my web app cannot support the transloc api any more.
Thank you in advance.
Join in the discussion - add comment below: