Document Problems with CORS

Documentation Issues
#1

Hi. I’m trying to use the document API to get to a document, the problem is that there is a redirect in the call behind the scenes which my browser doesn’t like because it violates the CORS policy.

I thought the idea was that the Companies House API sent you back a location to the document in the response. Instead all I get is the notification of the CORS failure in the Chrome console. The irony being that the message in the console contains a valid link to the PDF which, when clicked, takes you to the document.

Has anyone else hit this? Any ideas?

Cheers

#2

I don’t have the “answer” sorry - we don’t use ajax for access, but are the following any help?

[ Updated response - sorry missed the ref. to Chrome - so do the following posts help?

]

Check the browser type / version - “In the initial definition of the CORS-standard, redirects after a successful CORS-preflight request were not allowed. IE11 implements this (now outdated) standard.”
This also seems to affect some versions of other browsers (e.g. Chrome - see http - CORS request with Preflight and redirect: disallowed. Workarounds? - Stack Overflow)

See:

Check the http headers sent in the ajax request and the response.

As you’ve found, if there’s a redirect behind the scenes (as here) ajax should automatically try to follow this. For info see the post:

There’s also a post covering various CORS issues (when accessing the main API):

For a good general explanation of cross-origin CORS, which seems to cover the same situation that occurs accessing the CH documents, try:

For reference - not relevant to your particular issue but if anyone searches this post to find how this redirect works - the process of requesting a CH document goes:

  1. For a given document I request the document metadata via CH Document API:
    GET https://document-api.companieshouse.gov.uk/document/JlaD_eQnrj6jfF4HgtRUYqU4EINOpYGnwl-ljdLqrIQ

CH send the response (some headers trimmed):
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json
…followed by the JSON body (document metadata resource object).

  1. I parse the JSON to get the document types available and the document URI. I then request this via the fetch document endpoint:
    GET https://document-api.companieshouse.gov.uk/document/JlaD_eQnrj6jfF4HgtRUYqU4EINOpYGnwl-ljdLqrIQ/content
    (I specify the content type I want to accept via the appropriate http header e.g. “Accept:application/pdf”)

CH send back a response which is a redirect to the document (stored on Amazon):

HTTP/1.1 302 Found
Location: https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/JlaD_eQnrj6jfF4HgtRUYqU4EINOpYGnwl-ljdLqrIQ/application-pdf?AWSAccessKeyId=ASIAI3K {lots more but I’ve trimmed the URI}

  1. I request this URI from Amazon again passing the content type I want to accept again. ( I don’t think you need to send the CH authorization headers. Presumably it’s not an issue if you do (e.g. if this automatically occurs via Ajax), I don’t know though. ):

GET https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/{…rest chopped}
Accept:application/pdf

  1. Amazon responds with a http 200 and the document data.
Fetch a document API
#3

how to get document id?