Hello,
I am having problems with trying to use the oTree REST api from a different webpage (javascript).
Since it works perfectly when testing in postman, I'm guessing its an issue with CORS.
If I use mode: 'cors', i get:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I tried setting the required header, and a bunch of other recommended settings, but the problem still persisted.
If I use the mode: 'no-cors', i get:
Failed to load resource: the server responded with a status of 403 (Forbidden)
I'm kind of confused on what to do at this point. the 403 forbidden is returned to me if i set the 'otree-rest-key' or if i don't. I'm guessing that's because the no-cors returns an opaque response? I'm thinking I should probably get the mode: cors to work, but I'm not sure how, or if i even can.
Was the oTree REST api made and tested with cors in mind? Is there something on the oTree server side that is blocking me from acessing the api from a different website? Can I change it?
At this point I'm about to make my own mini php api to serve as the wrapper api for the otree's but that can't be the best way to do this...
Best Regards,
Rok