Hi. I’m trying to use the document API to get to a document, the problem is that there is a redirect in the call behind the scenes which my browser doesn’t like because it violates the CORS policy.
I thought the idea was that the Companies House API sent you back a location to the document in the response. Instead all I get is the notification of the CORS failure in the Chrome console. The irony being that the message in the console contains a valid link to the PDF which, when clicked, takes you to the document.
I don’t have the “answer” sorry - we don’t use ajax for access, but are the following any help?
[ Updated response - sorry missed the ref. to Chrome - so do the following posts help?
]
Check the browser type / version - “In the initial definition of the CORS-standard, redirects after a successful CORS-preflight request were not allowed. IE11 implements this (now outdated) standard.”
This also seems to affect some versions of other browsers (e.g. Chrome - see http - CORS request with Preflight and redirect: disallowed. Workarounds? - Stack Overflow)
See:
Check the http headers sent in the ajax request and the response.
As you’ve found, if there’s a redirect behind the scenes (as here) ajax should automatically try to follow this. For info see the post:
There’s also a post covering various CORS issues (when accessing the main API):
For a good general explanation of cross-origin CORS, which seems to cover the same situation that occurs accessing the CH documents, try:
For reference - not relevant to your particular issue but if anyone searches this post to find how this redirect works - the process of requesting a CH document goes:
CH send the response (some headers trimmed):
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json
…followed by the JSON body (document metadata resource object).
I request this URI from Amazon again passing the content type I want to accept again. ( I don’t think you need to send the CH authorization headers. Presumably it’s not an issue if you do (e.g. if this automatically occurs via Ajax), I don’t know though. ):