Hi,
My old javascript page to fetch games from lichess has stopped working. I am not an expert but I believe a header is missing from lichess side. Things work fine in curl so I'm assuming it is browser protection kicking in because no access-control header is sent back in the response?
expected by not present: Access-Control-Allow-Origin: *
Headers sent and received:
> GET /games/export/tailuge?max=1&evals=true&moves=true&opening=true HTTP/2
> Host: lichess.org
> Accept-Encoding: deflate, gzip
> authority: lichess.org
> accept: application/x-ndjson
> sec-fetch-dest: empty
> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36
> origin: tailuge.github.io
> sec-fetch-site: cross-site
> sec-fetch-mode: cors
> referer: tailuge.github.io/chess-o-tron/public/openings/openingtree.html?player=tailuge&filter=&pages=1&colour=white&trim=true
> accept-language: en-GB,en-US;q=0.9,en;q=0.8
>
< HTTP/2 200
< server: nginx
< date: Sat, 15 Feb 2020 11:37:17 GMT
< content-type: application/x-ndjson
< content-disposition: attachment; filename=lichess_tailuge_2020-02-15.json
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< expect-ct: max-age=31536000, enforce, report-uri="monitor.lichess.ovh/report/ct"
< report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"monitor.lichess.ovh/report/default"}],"include_subdomains":true}
< nel: {"report_to":"default","max_age":31536000,"include_subdomains":true,"failure_fraction":0.001}
< x-frame-options: DENY
<
{"id":"fR3ds1ZY","rated":false..........
from:
tailuge.github.io/chess-o-tron/public/openings/openingtree.html
console:
Access to XMLHttpRequest at 'lichess.org/games/export/tailuge?max=1&evals=true&moves=true&opening=true' from origin 'tailuge.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My old javascript page to fetch games from lichess has stopped working. I am not an expert but I believe a header is missing from lichess side. Things work fine in curl so I'm assuming it is browser protection kicking in because no access-control header is sent back in the response?
expected by not present: Access-Control-Allow-Origin: *
Headers sent and received:
> GET /games/export/tailuge?max=1&evals=true&moves=true&opening=true HTTP/2
> Host: lichess.org
> Accept-Encoding: deflate, gzip
> authority: lichess.org
> accept: application/x-ndjson
> sec-fetch-dest: empty
> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36
> origin: tailuge.github.io
> sec-fetch-site: cross-site
> sec-fetch-mode: cors
> referer: tailuge.github.io/chess-o-tron/public/openings/openingtree.html?player=tailuge&filter=&pages=1&colour=white&trim=true
> accept-language: en-GB,en-US;q=0.9,en;q=0.8
>
< HTTP/2 200
< server: nginx
< date: Sat, 15 Feb 2020 11:37:17 GMT
< content-type: application/x-ndjson
< content-disposition: attachment; filename=lichess_tailuge_2020-02-15.json
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< expect-ct: max-age=31536000, enforce, report-uri="monitor.lichess.ovh/report/ct"
< report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"monitor.lichess.ovh/report/default"}],"include_subdomains":true}
< nel: {"report_to":"default","max_age":31536000,"include_subdomains":true,"failure_fraction":0.001}
< x-frame-options: DENY
<
{"id":"fR3ds1ZY","rated":false..........
from:
tailuge.github.io/chess-o-tron/public/openings/openingtree.html
console:
Access to XMLHttpRequest at 'lichess.org/games/export/tailuge?max=1&evals=true&moves=true&opening=true' from origin 'tailuge.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.