Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Skip to first unread message
Juhani Jaakola
Jun 15, 2023, 12:24:59 PM6/15/23
to road.digitraffic.fi
I have created a simple HTML page which fetches weather data via JavaScript from tie.digitraffic.fi and displays it in a concise form. I call my HTML page from a browser with the file: protocol - that is, I don't use a HTTP server at all for my page. This has worked fine for a long time, but in June I get errors related to CORS.
In Midori I get errors:
Origin null is not allowed by Access-Control-Allow-Origin. Status code: 404
XMLHttpRequest cannot load http://tie.digitraffic.fi/api/v1/data/weather-data/2009 due to access control checks.
Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. Status code: 404
XMLHttpRequest cannot load http://tie.digitraffic.fi/api/v1/data/weather-data/2009 due to access control checks.
Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. Status code: 404
And in Firefox I get errors too:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://tie.digitraffic.fi/api/v1/data/weather-data/2006. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.
A similar page that calls address api.digitransit.fi works fine even the with file: protocol. However, I have added the digitransit-subscription-key header. My call to tie.digitraffic.fi does not have that header.
road.digitraffic.fi
Jun 16, 2023, 1:48:00 AM6/16/23
to road.digitraffic.fi
Hello and thank you for your message
It looks like you are using a deprecated api. Correct url is https://tie.digitraffic.fi/api/weather/v1/stations/2009/data
You can read the API-documentation here: https://tie.digitraffic.fi/swagger/
I advice you to subscribe to our status page at https://status.digitraffic.fi/ to get notifications of deprecations and other breaks.
I also recommend you to add user headers to requests if they are not in place already. See: https://www.digitraffic.fi/en/support/instructions/#headers-to-identify-the-application
Ystävällisin terveisin / Best regards
– Digitraffic asiakastuki / Digitraffic support –
– Digitraffic asiakastuki / Digitraffic support –
Juhani Jaakola
Jun 20, 2023, 4:46:28 AM6/20/23
to road.digitraffic.fi
Hi!
OK, I did not know about deprecation of that API.
However, the error messages ("Cross-Origin Request Blocked") do not
suggest deprecation. They refer to server-side settings, if I
understand correctly.
If the API is deprecated, wouldn't it be better to give an error (or
warning if using it is still allowed despite of deprecation) that is
more descriptive?
If using the old API is still allowed despite of deprecation, could
you please change server side settings so that CORS is allowed?
Regards, JJ
On 6/16/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hello and thank you for your message
>
> It looks like you are using a deprecated api. Correct url is
> https://tie.digitraffic.fi/api/weather/v1/stations/2009/data
> You can read the API-documentation here:
> https://tie.digitraffic.fi/swagger/
> I advice you to subscribe to our status page at
> https://status.digitraffic.fi/ to get notifications of deprecations and
> other breaks.
>
> I also recommend you to add user headers to requests if they are not in
> place already. See:
> https://www.digitraffic.fi/en/support/instructions/#headers-to-identify-the-application
>
>
> *Ystävällisin terveisin / Best regards– Digitraffic asiakastuki /
> Digitraffic support –*
> --
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
> https://groups.google.com/d/msgid/roaddigitrafficfi/2cf556c7-3730-4784-9742-d4c2cc1bc29en%40googlegroups.com.
>
OK, I did not know about deprecation of that API.
However, the error messages ("Cross-Origin Request Blocked") do not
suggest deprecation. They refer to server-side settings, if I
understand correctly.
If the API is deprecated, wouldn't it be better to give an error (or
warning if using it is still allowed despite of deprecation) that is
more descriptive?
If using the old API is still allowed despite of deprecation, could
you please change server side settings so that CORS is allowed?
Regards, JJ
On 6/16/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hello and thank you for your message
>
> It looks like you are using a deprecated api. Correct url is
> https://tie.digitraffic.fi/api/weather/v1/stations/2009/data
> You can read the API-documentation here:
> https://tie.digitraffic.fi/swagger/
> I advice you to subscribe to our status page at
> https://status.digitraffic.fi/ to get notifications of deprecations and
> other breaks.
>
> I also recommend you to add user headers to requests if they are not in
> place already. See:
> https://www.digitraffic.fi/en/support/instructions/#headers-to-identify-the-application
>
>
> Digitraffic support –*
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
> https://groups.google.com/d/msgid/roaddigitrafficfi/2cf556c7-3730-4784-9742-d4c2cc1bc29en%40googlegroups.com.
>
road.digitraffic.fi
Jun 20, 2023, 5:25:37 AM6/20/23
to road.digitraffic.fi
Hi
The old API is no longer there and it has been removed. It seems that the error pages do not have the correct CORS-headers. I'll make a ticket for that and we'll fix it at some point.
Ystävällisin terveisin / Best regards
– Digitraffic asiakastuki / Digitraffic support –
– Digitraffic asiakastuki / Digitraffic support –
Juhani Jaakola
Jun 22, 2023, 4:54:38 PM6/22/23
to road.digitraffic.fi
Hi!
OK, thanks!
I rewrote my HTML page to use the new API. Then I added the header
Digitraffic-User to my code and got a CORS error again. When I removed
the header, it worked again. Perhaps the header caused an error and
your error page is still missing the correct CORS-headers...
This JavaSript code works:
let url = 'https://tie.digitraffic.fi/api/weather/v1/stations/'+id;
let headers = {
headers: {
// 'Digitraffic-User': 'dotcomconsulting/tiesaa-Pori-3',
}
};
try {
let res = await fetch(url,headers);
But if I remove the // then I get CORS errors.
Regards, JJ
On 6/20/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hi
>
> The old API is no longer there and it has been removed. It seems that the
> error pages do not have the correct CORS-headers. I'll make a ticket for
> that and we'll fix it at some point.
>
>
> https://groups.google.com/d/msgid/roaddigitrafficfi/6f13eec9-7bbb-411f-b740-e2698e39d9c2n%40googlegroups.com.
>
OK, thanks!
I rewrote my HTML page to use the new API. Then I added the header
Digitraffic-User to my code and got a CORS error again. When I removed
the header, it worked again. Perhaps the header caused an error and
your error page is still missing the correct CORS-headers...
This JavaSript code works:
let url = 'https://tie.digitraffic.fi/api/weather/v1/stations/'+id;
let headers = {
headers: {
// 'Digitraffic-User': 'dotcomconsulting/tiesaa-Pori-3',
}
};
try {
let res = await fetch(url,headers);
But if I remove the // then I get CORS errors.
Regards, JJ
On 6/20/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hi
>
> The old API is no longer there and it has been removed. It seems that the
> error pages do not have the correct CORS-headers. I'll make a ticket for
> that and we'll fix it at some point.
>
>
>
road.digitraffic.fi
Jun 26, 2023, 5:37:48 AM6/26/23
to road.digitraffic.fi
Hi
I tried to reproduce this with some command line magic:
And I do get the CORS headers with both:
< Access-Control-Allow-Origin: *
< access-control-allow-methods: GET, POST, OPTIONS
< access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
< access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
< access-control-allow-methods: GET, POST, OPTIONS
< access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
< access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
Could this be some feature of fetch? If you use any other header, do you then also get the CORS error?
Ystävällisin terveisin / Best regards
– Digitraffic asiakastuki / Digitraffic support –
– Digitraffic asiakastuki / Digitraffic support –
Juhani Jaakola
Jun 26, 2023, 9:42:28 AM6/26/23
to road.digitraffic.fi
Hi!
Interestingly, it seems to happen with any header! For example, I get
the error if I use header X-Digitraffic-User!
I made another test. I took the JavaScript example from page
https://www.digitraffic.fi/tuki/ohjeita/ and made some minor changes -
the example seems to use a deprecated API? The code runs fine from
node.js, but not from Firefox. If I execute the HTML file in Firefox
with URL file:///home/jj/proj/tiesaa/example2.html (note the file:
protocol) I get error:
Cross-Origin Request Blocked: The Same Origin Policy disallows
reading the remote resource at
https://tie.digitraffic.fi/api/weather/v1/stations/2009. (Reason: CORS
header ‘Access-Control-Allow-Origin’ missing). Status code: 403.
I execute the Node.js version with command "node example2.js".
Both files are attached in this message. Remove the .txt suffix from both files.
I use the following versions in Fedora 38:
nodejs-18.16.0-8.fc38.x86_64
firefox-114.0.2-1.fc38.x86_64
Regards, JJ
On 6/26/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hi
>
> I tried to reproduce this with some command line magic:
>
> curl -v --http1.1 --compressed "
> https://tie.digitraffic.fi/api/weather/v1/stations/2009" curl -v --http1.1
> --compressed -H "Digitraffic-User: digitraffic-cors-test" "
> https://tie.digitraffic.fi/api/weather/v1/stations/2009"
>
> And I do get the CORS headers with both:
>
> < Access-Control-Allow-Origin: *
> < access-control-allow-methods: GET, POST, OPTIONS
> < access-control-allow-headers:
> DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
> < access-control-expose-headers:
> DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
>
> Could this be some feature of fetch? If you use any other header, do you
> then also get the CORS error?
>
>
>> https://groups.google.com/d/msgid/roaddigitrafficfi/6f13eec9-7bbb-411f-b740-e2698e39d9c2n%40googlegroups.com
>
Interestingly, it seems to happen with any header! For example, I get
the error if I use header X-Digitraffic-User!
I made another test. I took the JavaScript example from page
https://www.digitraffic.fi/tuki/ohjeita/ and made some minor changes -
the example seems to use a deprecated API? The code runs fine from
node.js, but not from Firefox. If I execute the HTML file in Firefox
with URL file:///home/jj/proj/tiesaa/example2.html (note the file:
protocol) I get error:
Cross-Origin Request Blocked: The Same Origin Policy disallows
reading the remote resource at
header ‘Access-Control-Allow-Origin’ missing). Status code: 403.
I execute the Node.js version with command "node example2.js".
Both files are attached in this message. Remove the .txt suffix from both files.
I use the following versions in Fedora 38:
nodejs-18.16.0-8.fc38.x86_64
firefox-114.0.2-1.fc38.x86_64
Regards, JJ
On 6/26/23, road.digitraffic.fi <roaddigi...@googlegroups.com> wrote:
> Hi
>
> I tried to reproduce this with some command line magic:
>
> curl -v --http1.1 --compressed "
> https://tie.digitraffic.fi/api/weather/v1/stations/2009" curl -v --http1.1
> --compressed -H "Digitraffic-User: digitraffic-cors-test" "
> https://tie.digitraffic.fi/api/weather/v1/stations/2009"
>
> And I do get the CORS headers with both:
>
> < Access-Control-Allow-Origin: *
> < access-control-allow-methods: GET, POST, OPTIONS
> < access-control-allow-headers:
> DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
> < access-control-expose-headers:
> DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Digitraffic-User
>
> Could this be some feature of fetch? If you use any other header, do you
> then also get the CORS error?
>
>
>> .
>> >
>>
>
> --
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
> https://groups.google.com/d/msgid/roaddigitrafficfi/eb2ba6dc-53ec-4421-94d1-304c0dd75430n%40googlegroups.com.
>> >
>>
>
> --
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
>
Juhani Jaakola
Jun 26, 2023, 12:19:52 PM6/26/23
to road.digitraffic.fi
Hi!
Here is some additional info:
When using file: protocol to execute a JavaScript fetch() with header
Digitraffic-User, the error message displayed by the Midori browser
is:
[Error] Preflight response is not successful. Status code: 403
[Error] Fetch API cannot load
https://tie.digitraffic.fi/api/weather/v1/stations/2020 due to access
control checks.
[Error] Failed to load resource: Preflight response is not successful.
Status code: 403 (2020, line 0)
The preflight refers to an OPTIONS request that the browser makes to
the server before it makes the actual GET request. And the response
from the server to the OPTIONS request is missing the CORS header
‘Access-Control-Allow-Origin’. This is the Firefox error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at
https://tie.digitraffic.fi/api/weather/v1/stations/2020. (Reason: CORS
tiesaa-Pori-3.html:1 Access to fetch at
'https://tie.digitraffic.fi/api/weather/v1/stations/2020' from origin
'null' has been blocked by CORS policy: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin'
header is present on the requested resource. If an opaque response
serves your needs, set the request's mode to 'no-cors' to fetch the
resource with CORS disabled.
Regards, JJ
Here is some additional info:
When using file: protocol to execute a JavaScript fetch() with header
Digitraffic-User, the error message displayed by the Midori browser
is:
[Error] Preflight response is not successful. Status code: 403
[Error] Fetch API cannot load
https://tie.digitraffic.fi/api/weather/v1/stations/2020 due to access
control checks.
[Error] Failed to load resource: Preflight response is not successful.
Status code: 403 (2020, line 0)
The preflight refers to an OPTIONS request that the browser makes to
the server before it makes the actual GET request. And the response
from the server to the OPTIONS request is missing the CORS header
‘Access-Control-Allow-Origin’. This is the Firefox error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at
header ‘Access-Control-Allow-Origin’ missing). Status code: 403
And Vivaldi gives this error message:
tiesaa-Pori-3.html:1 Access to fetch at
'https://tie.digitraffic.fi/api/weather/v1/stations/2020' from origin
'null' has been blocked by CORS policy: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin'
header is present on the requested resource. If an opaque response
serves your needs, set the request's mode to 'no-cors' to fetch the
resource with CORS disabled.
Regards, JJ
Juhani Jaakola
Jun 27, 2023, 1:22:50 PM6/27/23
to road.digitraffic.fi
Hi!
Seems that CORS-safelisted headers (see
https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header)
are allowed. If I swap the // comments, the request fails with error
"CORS header ‘Access-Control-Allow-Origin’ missing".
headers: {
// 'Digitraffic-User': 'dotcomconsulting/tiesaa-Pori-3',
'Content-Language': 'de-DE',
Remember that I launch my HTML page with the file: protocol (URL
file:///home/jj/proj/tiesaa/tiesaa-Pori-3.html). I need to use file:
because I do not have a public WWW server. With file: I can download
the HTML file to my Android phone and call the page without having to
store it on a public WWW server.
Seems that CORS-safelisted headers (see
https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header)
are allowed. If I swap the // comments, the request fails with error
"CORS header ‘Access-Control-Allow-Origin’ missing".
headers: {
// 'Digitraffic-User': 'dotcomconsulting/tiesaa-Pori-3',
Remember that I launch my HTML page with the file: protocol (URL
file:///home/jj/proj/tiesaa/tiesaa-Pori-3.html). I need to use file:
because I do not have a public WWW server. With file: I can download
the HTML file to my Android phone and call the page without having to
store it on a public WWW server.
road.digitraffic.fi
Jun 30, 2023, 5:27:08 AM6/30/23
to road.digitraffic.fi
Hi!
We had a bug in our code but this issue is now fixed.
I run the following code in Firefox and it did run successfully:
const res = await fetch('https://tie.digitraffic.fi/api/weather/v1/stations/2009', {headers: {'Digitraffic-User': 'digitraffic-cors-test'}});
await res.json();
Juhani Jaakola
Jun 30, 2023, 5:45:31 AM6/30/23
to road.digitraffic.fi
Hi!
Thanks, now my JavaScript code works with the Digitraffic-User header!
Regards, Juhani Jaakola, Dot Com Consulting
>> https://groups.google.com/d/msgid/roaddigitrafficfi/eb2ba6dc-53ec-4421-94d1-304c0dd75430n%40googlegroups.com
>
Thanks, now my JavaScript code works with the Digitraffic-User header!
Regards, Juhani Jaakola, Dot Com Consulting
>> .
>> >>>
>> >>
>> >
>>
>
> --
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
> https://groups.google.com/d/msgid/roaddigitrafficfi/48dbc257-9600-45c8-8704-3cfa34ee77d2n%40googlegroups.com.
>> >>>
>> >>
>> >
>>
>
> --
> Digitraffic – Ajantasaista avointa liikennetietoa sovelluskehitykseen Suomen
> tie-, rautatie- ja vesiliikenteestä.
> https://www.digitraffic.fi/
>
> Digitraffic – Information about open data for application development from
> Finnish road, railway and marine.
> https://www.digitraffic.fi/en/
> ---
> Sait tämän viestin, koska olet tilannut aiheen seuraavassa Google-ryhmässä:
> road.digitraffic.fi.
> Peru aiheen tilaus osoitteessa
> https://groups.google.com/d/topic/roaddigitrafficfi/O8rr7FS-v9Q/unsubscribe.
> Jos haluat peruuttaa tämän ryhmän ja sen kaikkien aiheiden tilauksen, lähetä
> sähköpostia osoitteeseen roaddigitraffi...@googlegroups.com.
> Jos haluat tarkastella tätä keskustelua verkossa, siirry osoitteeseen
>
Reply all
Reply to author
Forward
0 new messages