Dear all,
I wrote a quick AngularJS app to get data from company’s FreeAgent (mainly
Timeslips) and produce a report.
We completely avoided any web server. The app was an HTML file, a .js file
and a couple of .css. Double clicking on the html, the app was opening in
the browser, and everything was working fine. Since a couple of weeks,
nothing is working anymore. (even if I put the app on a server)
The token request fails:
XMLHttpRequest cannot load
https://api.freeagent.com/v2/token_endpoint?grant_type=refresh_token&refresh_token=<hidden_for_security>.
Response to preflight request doesn’t pass access control check: A wildcard
‘*’ cannot be used in the ‘Access-Control-Allow-Origin’ header when the
credentials flag is true. Origin ‘http://localhost:8888’ is therefore not
allowed access.
The idea is that the Token request is raised by the .js (since no backend
code is available).
Do you have any idea why it suddenly stopped working?
Thank you
Andrea
I’m seeing the same thing in my app.On Thursday, 26 November 2015 09:10:22 UTC, Andrea Galbiati wrote:
Dear all,
I wrote a quick AngularJS app to get data from company’s FreeAgent (mainly
Timeslips) and produce a report.
We completely avoided any web server. The app was an HTML file, a .js file
and a couple of .css. Double clicking on the html, the app was opening in
the browser, and everything was working fine. Since a couple of weeks,
nothing is working anymore. (even if I put the app on a server)
The token request fails:
XMLHttpRequest cannot load
https://api.freeagent.com/v2/token_endpoint?grant_type=refresh_token&refresh_token=<hidden_for_security>.
Response to preflight request doesn’t pass access control check: A wildcard
‘*’ cannot be used in the ‘Access-Control-Allow-Origin’ header when the
credentials flag is true. Origin ‘http://localhost:8888’ is therefore not
allowed access.
The idea is that the Token request is raised by the .js (since no backend
code is available).
Do you have any idea why it suddenly stopped working?
Thank you
Andrea
Hi Andrea and Josh,
Firstly I’d like to offer our apologies for this - the possibility of users
making CORS requests with bearer tokens was not one we had taken into
account when making some recent changes to our CORS implementation.
I’ve just deployed a fix that we think should get things working again for
you. If you see any further problems please let me know and I’ll look into
it.
Thanks,
Paul.On Thursday, 26 November 2015 16:25:51 UTC, Josh Chisholm wrote:
I’m seeing the same thing in my app.
On Thursday, 26 November 2015 09:10:22 UTC, Andrea Galbiati wrote:
Dear all,
I wrote a quick AngularJS app to get data from company’s FreeAgent
(mainly Timeslips) and produce a report.
We completely avoided any web server. The app was an HTML file, a .js
file and a couple of .css. Double clicking on the html, the app was opening
in the browser, and everything was working fine. Since a couple of weeks,
nothing is working anymore. (even if I put the app on a server)
The token request fails:
XMLHttpRequest cannot load
https://api.freeagent.com/v2/token_endpoint?grant_type=refresh_token&refresh_token=<hidden_for_security>.
Response to preflight request doesn’t pass access control check: A wildcard
‘*’ cannot be used in the ‘Access-Control-Allow-Origin’ header when the
credentials flag is true. Origin ‘http://localhost:8888’ is therefore
not allowed access.
The idea is that the Token request is raised by the .js (since no backend
code is available).
Do you have any idea why it suddenly stopped working?
Thank you
Andrea