No 'Access-Control-Allow-Origin' header is present on the requested resource
Hi,
I am making a GET request to Cloudinary from a browser-side live website.
However I'm getting a 401 error [unauthorised]. The endpoint I am hitting works with curl / Postman i.e. works from servers.
I expected to see maybe somewhere where I could whitelist my domain, but can't see anything like this?
What could be going wrong?
Thank you!
-
browseFiles.addEventListener('click', () => {return axios({url: `https://${API_KEY}:${API_SECRET}@api.cloudinary.com/v1_1/${CLOUD_NAME}/resources/image`,method: 'GET',headers: {'Content-Type': 'application/json'},}).then(res => {console.log(res)}).catch(function (err) {console.log(err);});}) -
works all day long from curl on cmd line
WHERE IS THE DOCUMENTATION on how to format a basic request to list resources? ( the documentation that actually speaks to this error that is:
// Response to preflight request doesn't pass access control check:// No 'Access-Control-Allow-Origin' header is present on the requested resource.)
-
Hi Brad,
Thanks for providing us with your implementation.
Please note that calling the Admin API's resource method is not supported via client side. Moreover, using admin API requires the account's secret key. It should not be used in client code since it leaks that secret.
The safer alternative would be creating a custom endpoint in your backend which calls Cloudinary's admin API for the resources (so that the secret is not exposed).Hope this helps, please let me know if you have any further questions.
Post is closed for comments.
Comments
4 comments