API and Cors

avatar
BlinkTenor avatarBlinkTenor 4 years
{"ops":[{"insert":"Wanted to open by saying I love the interface you all have much more than any site and thanks for the hard work!\n\nI play a format Dollar General which is a sub format of EDH. The commander has to be $5 or less, and the 99 has to be $1 or less. When I had one deck it was easy but... once I had 6+ it became harder and harder. I'm a developer so I wrote a tool to verify. It hits your exposed api, pulls down deck (or decks if I query based on a folder), checks the data you provide, then I hit scryfalls api for any cards over the price range to see if there are ANY printings that are within budget (IE I have foil mountains, the printing is $1.50, but there are other mountains that cost $.01 so this card is ok).\n\nRecently, I have gotten a few more people into the format and wanted to expose the tool to them. I used vercel which hosts simple react apps for free. Problem is, when I try to query I'm getting a cors rejection as the origin isn't localhost:3000. I can verify this locally by changing the port to 3006 and seeing the cors denial. Was this intended?\n"}]}
0
avatar
{"ops":[{"insert":"Cool stuff! Glad to hear you're enjoying the site. \n\nUnfortunately what you're running into is very much intended. I'm not sure how familiar you are with cors, but the general premise is that it's a security measure that's setup to only allow cookies to be used on the site that they're intended to be used for. That's a really general, very broad view of what's happening. Here's a "},{"attributes":{"link":"https://stackoverflow.com/questions/27365303/what-is-the-issue-cors-is-trying-to-solve"},"insert":"stackoverflow post"},{"insert":" talking about cors if you're looking for more info. \n\nThe reason that localhost:3000 is allowed is simply because that's what we use for local development, and it can be convenient to hit the prod/ dev apis with a locally hosted client for debugging purposes. \n\nYou could get around this by hosting your own proxy api with cors settings either open, or setup for your own domain. Because cookies only exist within the browser, you can hit those endpoints without having to worry about cors errors. From there your site can hit your api for the data. \n"}]}
Edited 9/4/2021, 1:43:43 PM
0
1
Magic: The Gathering is a Trademark of Wizards of the Coast, Inc. and Hasbro, Inc. Archidekt is unaffiliated.
Comments and deck descriptions are user submitted and do not represent the views of Archidekt.
Current card prices are provided by TCG Player, Card Kingdom, Cardmarket and Cardhoarder
Additional data from Scryfall and EDHREC
Privacy Policy   Terms of Service

Space Cow Media ©2025

Build Id - c82c48f

Support us on Patreon to remove ads!