Goodreads Developers discussion

feature requests > cors access-control-allow-origin

Comments Showing 1-30 of 30 (30 new)    post a comment »
dateDown arrow    newest »

message 1: by Kevin (new)

Kevin | 2 comments I have been writing a javascript site to keep track of books my family reads. As part of this I have been trying to connect to the goodreads api to lookup books. Unfortunately GoodReads does not include the CORS header in ANY of their api calls. This causes the browser to think there is a CrossSite attack happening and not allowing my request to go through. I am hoping that you could open up some of your apis with the CORS headers.

Some of the apis I want to hit directly are,

In the meantime I have had to create a proxy server on to hit your site indirectly.

message 2: by Michael (new)

Michael Economy (michaeleconomy) Sorry about that Kevin. We'll consider adding this in the future.

message 3: by Brett (new)

Brett | 1 comments +1

Was surprised to run into this issue today. The API is essentially useless for modern web development without the CORS header.

message 4: by Chikamichi (new)

Chikamichi | 1 comments Hi,

Any news on this topic? I second Brett here.

message 5: by Thomas (new)

Thomas Jacob Jr. (djlorbo) | 1 comments I would also love to see this implementation! Wonder if any of the programmers over at Goodreads are taking at look at this issue as of late?

message 6: by Pablo (new)

Pablo Sanfilippo | 3 comments Any news? This would be really useful. I agree with Brett, CORS support is really necessary nowadays.

Darian B. Johnson | 2 comments I had the same problem. I ended up using the Amazon API to get the image information. Note, if you go that route Amazon's images links are NOT CORS, but, you can easily find their CORS images by replacing ''' with '''

message 8: by Pablo (new)

Pablo Sanfilippo | 3 comments Such a shame that this could be solved by adding one header to the response of the server but it is not being considered.

message 9: by Kemory (new)

Kemory Grubb | 8 comments I can't believe this is still a thing in 2017

message 10: by Thomas (new)

Thomas van Latum (thomasvl) | 1 comments And still!

message 11: by Alex (new)

Alex Obreja | 1 comments Nothing new on this? Cors is a big problem, specially if someone use, like me, angular4 to get the api requests. For the request is ok, but the headers in the response are wrong and it's impossible to use API with Angular4.

message 12: by Dennis (new)

Dennis Micheelsen (dennismi) | 1 comments still not any cors headers, and no json :(

message 13: by Steve (new)

Steve Brown | 2 comments Interested in whether or not this is request is being seriously considered by Goodreads. Can we expect CORS compliant headers any time in the near future or is this simply a non-starter?

message 14: by Val (new)

Val Saven (valsaven) | 1 comments Still in 2018 :(

message 16: by Siva (last edited Jun 11, 2018 11:21AM) (new)

Siva | 1 comments @Jose I had some issues with your workaround in firefox and chrome, it works in localhost

Here is my findings, hope this helps.

Blocked loading mixed active content “

Below are the steps that helped me resolve the issue.

1. replaced http:// with https://

Source code for reference:
var config = {headers: {"X-Requested-With" : "XMLHttpRequest"}};
axios.get(""+ this.grkey + "&q=" + this.keyword + '&page=' +, config )

message 17: by Steve (new)

Steve Brown | 2 comments Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?

message 18: by Christian (new)

Christian Marois | 1 comments Steve wrote: "Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?"

Since this has been asked for since 2016, and adding CORS headers takes 5minutes and it has not been done yet... I wouldn't bet a penny on this. I'll try the proxy solutions above...

message 19: by Kemory (new)

Kemory Grubb | 8 comments This still an issue in 2019!

It is becoming painfully obvious to me that since the purchase by Amazon, Goodreads is only meant to serve as a tool only for Amazon and not anyone else.

This API was never meant to be public.

message 20: by Thong (new)

Nguyen Huu Thong (simzen85) | 1 comments Still hasn't fixed in 2019

message 21: by Erik (new)

Erik Parsons | 1 comments Just started using this API. Why hasn't this been fixed yet?

message 22: by Kemory (new)

Kemory Grubb | 8 comments Erik wrote: "Just started using this API. Why hasn't this been fixed yet?"

Because they need the API to be as limited as possible while giving the impression that it is giving the public access to data it has helped created.

message 23: by Joeffison (new)

Joeffison Andrade | 1 comments Also facing the same issue.

message 24: by Carlos (new)

Carlos (feasiblehope) | 1 comments +1

message 25: by Catie (new)

Catie Cowden (k8edev) | 1 comments Also facing this issue

message 26: by Jacopo (new)

Jacopo Lanzoni | 1 comments +1

message 27: by Rick (new)

Rick Brose (headrollsoff) | 7 comments Are you all developing in a way that you cannot make the API calls from the server side? If you make the calls server side, then there is no problem with the CORS. This is only a problem for client side calls. Calling from client side is not ideal, especially if you are using OAUTH.

message 28: by Gabriel (new)

Gabriel Felvinczi (imgaf) | 1 comments +1 - I encountered the same issue with an Angular app.

message 29: by Vishwesh (new)

Vishwesh Shukla | 1 comments Still not solved in 2020. Using shopify and thus have to use Ajax. I used a proxy instead -

Hope this helps.

message 30: by Ben (new)

Ben Rombaut | 2 comments I'm also using on my app. Just tried hitting the API without it, still getting the CORS error.

back to top