Goodreads Developers

message 1: by Kevin (new)

Dec 21, 2015 08:07AM

I have been writing a javascript site to keep track of books my family reads. As part of this I have been trying to connect to the goodreads api to lookup books. Unfortunately GoodReads does not include the CORS header in ANY of their api calls. This causes the browser to think there is a CrossSite attack happening and not allowing my request to go through. I am hoping that you could open up some of your apis with the CORS headers.

Some of the apis I want to hit directly are,
- https://www.goodreads.com/book/show
- https://www.goodreads.com/book/title
- https://www.goodreads.com/search/inde...

In the meantime I have had to create a proxy server on webtask.io to hit your site indirectly.

reply | flag

message 2: by Michael (new)

Dec 21, 2015 10:18AM

Sorry about that Kevin. We'll consider adding this in the future.

reply | flag

message 3: by Brett (new)

Jan 05, 2016 01:42PM

+1

Was surprised to run into this issue today. The API is essentially useless for modern web development without the CORS header.

reply | flag

message 4: by Chikamichi (new)

May 24, 2016 05:30PM

Hi,

Any news on this topic? I second Brett here.

reply | flag

message 5: by Thomas (new)

May 24, 2016 05:41PM

I would also love to see this implementation! Wonder if any of the programmers over at Goodreads are taking at look at this issue as of late?

reply | flag

message 6: by Pablo (new)

Aug 12, 2016 11:17AM

Any news? This would be really useful. I agree with Brett, CORS support is really necessary nowadays.

reply | flag

message 7: by Darian B. Johnson (new)

Nov 13, 2016 09:11PM

I had the same problem. I ended up using the Amazon API to get the image information. Note, if you go that route Amazon's images links are NOT CORS, but, you can easily find their CORS images by replacing ''https://images-na.ssl-images-amazon.com' with ''https://images-na.ssl-images-amazon.com'

reply | flag

message 8: by Pablo (new)

Dec 26, 2016 05:13PM

Such a shame that this could be solved by adding one header to the response of the server but it is not being considered.

reply | flag

message 9: by Kemory (new)

May 03, 2017 09:36AM

I can't believe this is still a thing in 2017

reply | flag

message 10: by Thomas (new)

Jul 30, 2017 04:33AM

Thomas van Latum (thomasvl) | 1 comments

And still!

reply | flag

message 11: by Alex (new)

Aug 28, 2017 02:06AM

Nothing new on this? Cors is a big problem, specially if someone use, like me, angular4 to get the api requests. For the request is ok, but the headers in the response are wrong and it's impossible to use API with Angular4.

reply | flag

message 12: by Dennis (new)

Dec 20, 2017 12:15PM

Dennis Micheelsen (dennismi) | 1 comments

still not any cors headers, and no json :(

reply | flag

message 13: by Steve (new)

Jan 07, 2018 03:06PM

Interested in whether or not this is request is being seriously considered by Goodreads. Can we expect CORS compliant headers any time in the near future or is this simply a non-starter?

reply | flag

message 14: by Val (new)

Mar 16, 2018 02:35PM

Still in 2018 :(

reply | flag

message 15: by Jose (new)

Apr 24, 2018 07:20PM

A workaround is to use http://cors-anywhere.herokuapp.com/

use it as: http://cors-anywhere.herokuapp.com/ht...

reply | flag

message 16: by Siva (last edited Jun 11, 2018 11:21AM) (new)

Jun 11, 2018 11:20AM

@Jose I had some issues with your workaround in firefox and chrome, it works in localhost

Here is my findings, hope this helps.

Blocked loading mixed active content “http://cors-anywhere.herokuapp.com/ht...”

Below are the steps that helped me resolve the issue.

1. replaced http:// with https://
Refer:
1. https://markitzeroday.com/x-requested...

Source code for reference:
var config = {headers: {"X-Requested-With" : "XMLHttpRequest"}};
axios.get("https://cors-anywhere.herokuapp.com/h..."+ this.grkey + "&q=" + this.keyword + '&page=' + this.page, config )

reply | flag

message 17: by Steve (new)

Dec 15, 2018 05:44PM

Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?

reply | flag

message 18: by [deleted user] (new)

Jan 01, 2019 08:24AM

Steve wrote: "Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?"

Since this has been asked for since 2016, and adding CORS headers takes 5minutes and it has not been done yet... I wouldn't bet a penny on this. I'll try the proxy solutions above...

reply | flag

message 19: by Kemory (new)

Jan 04, 2019 10:17AM

This still an issue in 2019!

It is becoming painfully obvious to me that since the purchase by Amazon, Goodreads is only meant to serve as a tool only for Amazon and not anyone else.

This API was never meant to be public.

reply | flag

message 20: by Thong (new)

Jan 05, 2019 05:08PM

Nguyen Huu Thong (simzen85) | 1 comments

Still hasn't fixed in 2019

reply | flag

message 21: by Erik (new)

Jan 27, 2019 01:04PM

Just started using this API. Why hasn't this been fixed yet?

reply | flag

message 22: by Kemory (new)

Jan 27, 2019 08:05PM

Erik wrote: "Just started using this API. Why hasn't this been fixed yet?"

Because they need the API to be as limited as possible while giving the impression that it is giving the public access to data it has helped created.

reply | flag

message 23: by Joeffison (new)

Jan 28, 2019 11:07AM

Also facing the same issue.

reply | flag

message 24: by Carlos (new)

Feb 01, 2019 12:37PM

+1

reply | flag

message 25: by Catie (new)

Jan 05, 2020 03:06PM

Also facing this issue

reply | flag

message 26: by Jacopo (new)

Feb 05, 2020 06:45AM

+1

reply | flag

message 27: by Rick (new)

Feb 05, 2020 09:26AM

Are you all developing in a way that you cannot make the API calls from the server side? If you make the calls server side, then there is no problem with the CORS. This is only a problem for client side calls. Calling from client side is not ideal, especially if you are using OAUTH.

reply | flag

message 28: by Gabriel (new)

Mar 29, 2020 08:08AM