API: Cross Origin


#1

Im trying to consume posts with the public api.

React App + Axios <-> Ghost

But why im getting:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <_BIG_URL_CHUNK_>.

The url from which im trying to consume is:
something.url.com
and my ghost blog lives on:
www.url.com


#2

Add CORS Origin in the Nginx Header

  • Open /etc/nginx/snippets/ssl-params.conf

  • Add this below line on ssl-params.conf file

add_header 'Access-Control-Allow-Origin' '*';
  • For Single Domain
add_header 'Access-Control-Allow-Origin' 'https://example.com';
  • Save the File & restart Nginx
sudo service nginx restart

#3

You should not need to make any changes to your nginx file for this to work.

There is a guide to using the public API I think you will find useful.


#4

@David

The solution that is described on Ghost doesnt work outside a dev enviroment.

Have you tried it ?.


#5

@cristiandley
We use this method actively on blog.ghost.org so it certainly works :wink:

Have you added your domain to the trusted domains table?

If you can provide some more details on what you have tried so far then we can investigate this further


#6

@David

I added the domain to the trusted table. It is the same domain, except it is located on a sub-domain.

ghost.yyy.com
something.yyy.com


#7

Okay, the domains are quite explicit so it needs to include the subdomain.
Wildcards are also not allowed :slight_smile:

The domain also has to include the protocol.


#8

No idea what is the problem.

My ghost.yyy.com lives in server A
And something.yyy.com lives in server B

adding those values as in the guide does not work at all.


#9

It would be much easier to help you if you provided the real URLs you’re trying to use. As David mentioned, you need to include the protocol.

So for example, in the trusted domains table for blog.ghost.org, we have https://ghost.org and then we are able to fetch posts to display on our main site.


#10

@Hannah Okey, this is it

tried adding subdomain and with no subdomain


#11

Ok, and what is the exact domain that are you making the API request from?


#12

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.