Access to fetch at ‘https://boostfloral.discourse.group/categories.json?’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field API-key is not allowed by Access-Control-Allow-Headers in preflight response.
Getting the above issue when I am trying to call the discourse APIs. I have already added an SSL certificate to my servers. I am adding the CORS options present on my admin panel but still getting this issue.
Has anyone faced something like this and could help me what is the way out of this???
Is it a User API Key? If I’m not wrong, it should be
Now I am getting the below response.
Access to fetch at ‘https://boostfloral.discourse.group/latest.json?order=default&ascending=false’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field api-username is not allowed by Access-Control-Allow-Headers in preflight response.
If you’re trying to consume the Admin API (as opposed User API), the header fields required are
For me, I’m still trying to figure out how as well. I just want to pull a .json response that’s publicly available.
If it’s public then configuring CORS should suffice and you should not need to bother with API keys at all.
@fahadaslam98 as @RGJ said, if the CORS is properly configured then removing the API keys from the headers should work,