Skip to content

noembed.com doesn't have CORS policy setup  #132

Open
Open
noembed.com doesn't have CORS policy setup #132
@verybigelephants

Description

@verybigelephants
verybigelephants
opened on Jun 19, 2024

Steps to reproduce:

  • have a third party domain
  • try to embed video via javascript, like call request to https://noembed.com/embed?nowrap=on&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DrY-FJvRqK0E&_=1718791035622
  • you will get an error that noembed.com has not CORS configured:
Access to XMLHttpRequest at 'https://noembed.com/embed?nowrap=on&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DrY-FJvRqK0E&_=1718791035620' from origin 'https://yourdomain.com' has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions