Re: [openstreetmap/openstreetmap-website] Allow getting a GPX in the browser outside openstreetmap.org (Issue #5639)

Harel M via rails-dev Mon, 10 Feb 2025 00:29:07 -0800

Here's an example of a call to get the data of one of my traces:
Running the following code in the browser console when surfing to 
https://israelhiking.osm.org.il/:
```js
fetch("https://api.openstreetmap.org/api/0.6/gpx/4192873/data";).then(r => 
r.text()).then(console.log)
```


![Image](https://github.com/user-attachments/assets/6e1f4a01-2bca-4b80-b83e-8556f3110a33)

Which is expected, as this trace is not "fully public", and thus requires 
authentication.
When adding the OAath2 token as a header I get this:
```js
fetch("https://api.openstreetmap.org/api/0.6/gpx/4192873/data";, { method: 
"GET", headers: {Authorization: "Bearer my-token-reducted"}}).then(r => 
r.text()).then(console.log)
```
I get the following error:

![Image](https://github.com/user-attachments/assets/63feb184-ae74-4b0f-9ae6-dbc2f2a94f53)

While there might not be a need to send preflight request, the browser does 
this anyway and thus prevents from getting the data right from the browser.
Is it possible to add CORS support for the relevant endpoint?
Am I doing something wrong?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5639#issuecomment-2647253954
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/issues/5639/2647253...@github.com>

_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev

Re: [openstreetmap/openstreetmap-website] Allow getting a GPX in the browser outside openstreetmap.org (Issue #5639)

Reply via email to