Goodreads Developers discussion
feature requests
>
cors access-control-allow-origin
date
newest »
newest »
Sorry about that Kevin. We'll consider adding this in the future.
+1Was surprised to run into this issue today. The API is essentially useless for modern web development without the CORS header.
Hi,Any news on this topic? I second Brett here.
I would also love to see this implementation! Wonder if any of the programmers over at Goodreads are taking at look at this issue as of late?
Any news? This would be really useful. I agree with Brett, CORS support is really necessary nowadays.
I had the same problem. I ended up using the Amazon API to get the image information. Note, if you go that route Amazon's images links are NOT CORS, but, you can easily find their CORS images by replacing ''https://images-na.ssl-images-amazon.com' with ''https://images-na.ssl-images-amazon.com'
Such a shame that this could be solved by adding one header to the response of the server but it is not being considered.
I can't believe this is still a thing in 2017
Nothing new on this? Cors is a big problem, specially if someone use, like me, angular4 to get the api requests. For the request is ok, but the headers in the response are wrong and it's impossible to use API with Angular4.
still not any cors headers, and no json :(
Interested in whether or not this is request is being seriously considered by Goodreads. Can we expect CORS compliant headers any time in the near future or is this simply a non-starter?
A workaround is to use http://cors-anywhere.herokuapp.com/use it as: http://cors-anywhere.herokuapp.com/ht...
@Jose I had some issues with your workaround in firefox and chrome, it works in localhostHere is my findings, hope this helps.
Blocked loading mixed active content “http://cors-anywhere.herokuapp.com/ht...”
Below are the steps that helped me resolve the issue.
1. replaced http:// with https://
Refer:
1. https://markitzeroday.com/x-requested...
Source code for reference:
var config = {headers: {"X-Requested-With" : "XMLHttpRequest"}};
axios.get("https://cors-anywhere.herokuapp.com/h..."+ this.grkey + "&q=" + this.keyword + '&page=' + this.page, config )
Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?
Steve wrote: "Any bets on whether or not 2019 will bring about the addition of the access-control-allow-origin header?"Since this has been asked for since 2016, and adding CORS headers takes 5minutes and it has not been done yet... I wouldn't bet a penny on this. I'll try the proxy solutions above...
This still an issue in 2019!It is becoming painfully obvious to me that since the purchase by Amazon, Goodreads is only meant to serve as a tool only for Amazon and not anyone else.
This API was never meant to be public.
Just started using this API. Why hasn't this been fixed yet?
Erik wrote: "Just started using this API. Why hasn't this been fixed yet?"Because they need the API to be as limited as possible while giving the impression that it is giving the public access to data it has helped created.
Are you all developing in a way that you cannot make the API calls from the server side? If you make the calls server side, then there is no problem with the CORS. This is only a problem for client side calls. Calling from client side is not ideal, especially if you are using OAUTH.
+1 - I encountered the same issue with an Angular app.
Still not solved in 2020. Using shopify and thus have to use Ajax. I used a proxy instead - https://cors-anywhere.herokuapp.com/ Hope this helps.
I'm also using https://cors-anywhere.herokuapp.com/ on my app. Just tried hitting the API without it, still getting the CORS error.
Some of the apis I want to hit directly are,
- https://www.goodreads.com/book/show
- https://www.goodreads.com/book/title
- https://www.goodreads.com/search/inde...
In the meantime I have had to create a proxy server on webtask.io to hit your site indirectly.