Access-Control-Allow-Origin header

170 views
Skip to first unread message

Evan Tschuy

unread,
Nov 18, 2015, 11:10:40 PM11/18/15
to World Bank API
Hello!

I'm working on something that I want to use your API for, but I'm trying to use it in the browser. Unfortunately, it looks like it's not set up with CORS, so whenever I try to get something from it I get a "No 'Access-Control-Allow-Origin' header is present" error.

Would it be possible to get this header added to the API? For a read-only API it should be safe to just set the header to *. Otherwise, anyone have any suggestions for what to do in the mean time? I was thinking of just setting up a lightweight proxy that just added the header I need.

Thanks!

Evan

Tim Herzog

unread,
Dec 24, 2015, 12:39:19 PM12/24/15
to World Bank API
Evan, we've implemented the CORS headers to support cross-domain requests, as per your suggestion.  Thanks for bringing this up.

Cheers,
Tim

Feli Sánchez

unread,
Oct 5, 2016, 7:00:24 PM10/5/16
to World Bank API
Hi! I'm trying to use the API and I'm still getting the  'No Access-Control-Allow-Origin header is present" error. Is the CORS not working anymore???
Thank you for your help!

Tim Herzog

unread,
Oct 6, 2016, 6:47:11 AM10/6/16
to World Bank API
Hi Feli,

I just looked and the header is still there. What endpoint are you trying to use?

HTTP/1.1 200 OK

Date: Thu, 06 Oct 2016 10:44:42 GMT

Content-Type: text/xml; charset=UTF-8

Content-Length: 25864

Connection: keep-alive

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET

Access-Control-Allow-Headers: X-Requested-With

X-Powered-By: ASP.NET

eBrou

unread,
Jan 6, 2017, 11:56:56 PM1/6/17
to World Bank API
Hi Tim - I'm trying to use the climate data API and I'm also receiving the same error.  Can you please advise? 
Thanks in advance.  

Tim Herzog

unread,
Jan 8, 2017, 11:27:02 PM1/8/17
to World Bank API
Hello,

It appears the access control headers aren't included in the climate API. I can pass this on to the developers tomorrow and see if it's possible to add them.

Sarven Capadisli

unread,
Jan 9, 2017, 3:02:15 AM1/9/17
to world-b...@googlegroups.com
You should make sure to use value of the client's Origin header in your
response for the Access-Control-Allow-Origin value. Leaving it at *
doesn't always work, especially if the client makes the request
withCredentials.

-Sarven
http://csarven.ca/#i

On 2017-01-09 05:27, Tim Herzog wrote:
> Hello,
>
> It appears the access control headers aren't included in the climate
> API. I can pass this on to the developers tomorrow and see if it's
> possible to add them.
>
> On Friday, January 6, 2017 at 11:56:56 PM UTC-5, eBrou wrote:
>
> Hi Tim - I'm trying to use the climate data API and I'm also
> receiving the same error. Can you please advise?
> Thanks in advance.
>
> On Thursday, October 6, 2016 at 3:47:11 AM UTC-7, Tim Herzog wrote:
>
> Hi Feli,
>
> I just looked and the header is still there. What endpoint are
> you trying to use?
>
> curl -si http://api.worldbank.org/v2/en/country
> <http://api.worldbank.org/v2/en/country>
>
> HTTP/1.1 200 OK
>
> Date: Thu, 06 Oct 2016 10:44:42 GMT
>
> Content-Type: text/xml; charset=UTF-8
>
> Content-Length: 25864
>
> Connection: keep-alive
>
> Access-Control-Allow-Origin: *
>
> Access-Control-Allow-Methods: GET
>
> Access-Control-Allow-Headers: X-Requested-With
>
> X-Powered-By: ASP.NET <http://ASP.NET>
> --
> You received this message because you are subscribed to the Google
> Groups "World Bank API" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to world-bank-ap...@googlegroups.com
> <mailto:world-bank-ap...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.


eBrou

unread,
Jan 9, 2017, 10:14:00 PM1/9/17
to World Bank API
thank you!

fh

unread,
Jun 26, 2017, 9:29:38 AM6/26/17
to World Bank API
Hello,

I'm trying to access the GDP Data, but it seems that the CORS Headers are not set there:

http://api.worldbank.org/countries/de/indicators/NY.GDP.MKTP.CD?format=json

Connectionkeep-alive
Content-Length7955
Content-Typeapplication/json;charset=utf-8
DateMon, 26 Jun 2017 13:05:17 GMT
ServerApigee Router
Set-CookieTS019266c8=017189f9479f53a6dedf2b242e535b48b8befa2649e48d8d50013342847b37d3909d434659; Path=/
X-Powered-ByASP.NET

Can these please be added?

greetings

fabian

Tim Herzog

unread,
Jun 27, 2017, 9:55:30 AM6/27/17
to World Bank API
Fabian,

Use this endpoint for CORS support (and add "/v2" to other endpoints):

Reply all
Reply to author
Forward
0 new messages