I encountered a CORS issue when calling Subscan's API from the frontend website. I would like to confirm whether this is due to your API policy restrictions or if there is an issue with my calling method.
My calling scenario is as follows:
• Frontend site domain: demo.lunolab.xyz
• Requested API endpoint: polkadot.api.subscan.io/api/scan/account/tokens
• Calling method: The request is initiated directly from the browser frontend
The browser error message is as follows:
Access to fetch at 'polkadot.api.subscan.io/api/scan/account/tokens' from origin 'demo.lunolab.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I would like to confirm the following questions:
-
Is this API not originally supporting direct calls from the browser frontend? I previously called it without any issues.
-
Is it mandatory to call through a server-side proxy?
-
Is there an API or access method that supports frontend calls and has CORS enabled?
-
If frontend calls are supported, is it necessary to apply for a whitelist domain, or use specific request headers/configurations?
I encountered a CORS issue when calling Subscan's API from the frontend website. I would like to confirm whether this is due to your API policy restrictions or if there is an issue with my calling method.
My calling scenario is as follows:
• Frontend site domain: demo.lunolab.xyz
• Requested API endpoint: polkadot.api.subscan.io/api/scan/account/tokens
• Calling method: The request is initiated directly from the browser frontend
The browser error message is as follows:
Access to fetch at 'polkadot.api.subscan.io/api/scan/account/tokens' from origin 'demo.lunolab.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I would like to confirm the following questions:
Is this API not originally supporting direct calls from the browser frontend? I previously called it without any issues.
Is it mandatory to call through a server-side proxy?
Is there an API or access method that supports frontend calls and has CORS enabled?
If frontend calls are supported, is it necessary to apply for a whitelist domain, or use specific request headers/configurations?