CORS header ‘Access-Control-Allow-Origin’ missing

i am accessing trip planning api https://api.transport.nsw.gov.au/v1/tp/trip with api key. its perfectly working by postman but when i try to access this api by my code i am getting CORS error. error is as below in detail.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

please help

This was answered in Not able to authenticate appication with bearer token in trip planner API - #5 by jxeeno

Given the number of people hitting CORS issues, would you consider enabling it? I see it is already enabled for opendata.transport.nsw.gov.au . Maybe if there is no mechanism for us to specify our origins with the portal, we could maybe mail you a list for you to update?

I know this is late but I wanted to let people know why CORS is actually a good thing.
If you get a CORS error, it means you are calling the API from client side code. This means your API key among other things has to be visible to the client. Someone can then just have a look at source, use your API and exploit it. This is why API calls should be handled from server side.

1 Like