Search code examples
corsjwplayer7

JW Player (api.jwplatform.com) - CORS issues

I am having troubles in using JW Platform services in a web app developed with Angular2.

Should I assume that JWplayer don't properly manage CORS request on the 'api.jwplatform.com' end point?

Here is the case. I'm sending the following request

Request URL:https://api.jwplatform.com/v1/channels/list/?api_format=xml&api_key=BNgTpOY5&api_nonce=33502681&api_timestamp=1487003685&types_filter=manual&api_signature=287df9d7dcefaf9bcae656c518a4cc29718bcaeb
Request Method:GET
Status Code:200 OK
Remote Address:10.68.96.40:8080

these are the request headers:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,de;q=0.2,es;q=0.2
Connection:keep-alive
Host:api.jwplatform.com
Origin:https://mydomain
Referer:https://mydomain/channels
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

were mydomain is of course the domain from which I am sending the request.

Below the response headers I get from the end-point:

Cache-Control:no-cache
Connection:keep-alive
Content-Length:3847
Content-Type:application/xml; charset=utf-8
Date:Mon, 13 Feb 2017 16:34:46 GMT
Pragma:no-cache
Server:openresty
X-RateLimit-Limit:60
X-RateLimit-Remaining:58
X-RateLimit-Reset:1487003700

As can be seen above, there is no 'Access-Control-Allow-Origin: *' header in the Response and therefore the app is not allowed access the retrived data.

Note that in the browser console I can see both Status Code:200 OK or the JSON data from the server. Everything works behind a proxy, but this can work only in a dev env.

Thanks for helping me.

Solution

  • Should I assume that JWplayer don't properly manage CORS request on the 'api.jwplatform.com' end point?

    Yes.

    So if you want to get this working, the only practical solution is to either set up a reverse proxy or to use an open reverse proxy such as https://cors-anywhere.herokuapp.com/

    Instead of sending your request to https://api.jwplatform.com/v1/channels/list/?… directly, https://cors-anywhere.herokuapp.com/https://api.jwplatform.com/v1/channels/list/?… is where you send it, and that then proxies your request and responds to the browser with the Access-Control-Allow-Origin header and other expected CORS headers.

    You can set up your own instance of CORS Anywhere in Node.js with the cors-anywhere package:

    npm install --save cors-anywhere