[API Support] Javascript Web-App w/o Server

Alright!
I saw that the API was released, and like everyone else I called in sick from work so I could start hacking away at a new app. After signing up for my API key, I spun up a quick EmberJS web app, then wrote an Adapter and Route to start hitting the API with JSON requests. Then boom! CORS error. I though okay, cool, that makes sense because I’m running from localhost, so I deployed my instance to my Firebase server. BOOM! Similar CORS, this time still firing even though I swear I’m sending headers. I’m a pretty darned good front-end engineer, but I often struggle with back-end dev; when pressed, I work with PHP/Laravel or preferably Node. I came back to this forum to do a search and found that some good samaritan had already posted a Node module with endpoints… What is the API’s CORS policy, and has anyone writing a JS app found a way to break through it with client-side only code? I’m already setting up my Node instance, but I’d prefer a client side approach. Keep in mind I’m server-tarded and often need backend talk spelled out for me.
Thanks!
JJ [Guilty Spark]

I’ve also encountered this issue. By the looks of it neither CORS or JSONP are supported. The server doesn’t reply to OPTIONS requests for some reason, and the Access-Control headers are not used.

While it would be possible to create a 1-1 proxy server that does handle CORS, I think this should probably be marked as a bug.

Enabling CORS on ASP.NET Web

Thanks for the reply! This is a major PITA but I’m already halfway done with my Node wrapper… Possibly a decision they made over security concerns? I’d like it if they enabled an option for JSONP, on the endpoints at least, for future devs.

haloWaypoint.developerHappiness–

> 2535410099699773;3:
> Thanks for the reply! This is a major PITA but I’m already halfway done with my Node wrapper… Possibly a decision they made over security concerns? I’d like it if they enabled an option for JSONP, on the endpoints at least, for future devs.
>
> haloWaypoint.developerHappiness–

If you’re using Node JS feel free to make use of my node module: https://www.npmjs.com/package/haloapi.

It’s supports all endpoints and has test cases and everything :stuck_out_tongue:

Was this fixed? Trying to write an app in angular to port to iOS. CORS is ruining my entire life.

JavaScript examples on the site (haloapi.com) show client-side code… ok… considering they don’t work cause of CORS, lol…

Hello everybody!

Until now, we have not supported cross-origin resource sharing (CORS), because it can sometimes result in unintentional sharing of API subscription keys. But, we’ve heard from you that enabling CORS can significantly improve the development experience by allowing you to iterate & prototype more rapidly. Therefore, we’ve enabled CORS for that purpose.

Please take care to avoid using CORS in your production/final application. Remember that each developer is responsible for maintaining the security of your API key, per the Halo Game Data Terms of Use.

Please keep the feedback coming! Thanks!