I have a ghost blog v2.13.1. From another site (completely different domain) I am using the Ghost v0.1 API. Getting posts works using this API. When I try to authenticate as a user (so that I can create a post) using the endpoint “/authentication/token” it works from the site being tested in localhost but not on the actual site pushed live. On the actual site I get an error saying its a CORS violation. I have already added the actual site domain as part of client_trusted_domains in the DB. The localhost domain didn’t need to be added for the API to work.
Note: when implementing this, the browser would return an error that was a CORS error for any error that Ghost threw. For instance, when the “filter” parameter in my GET posts was not processed properly, it would throw a CORS error and not the actual error.
I fixed the authentication call by setting the content type header to “application/x-www-form-urlencoded”. However the create post method requires “application/json” and it continues to throw CORS errors.
Any help ion this would be greatly appreciated!