cancel
Showing results for 
Search instead for 
Did you mean: 
staroutofspace
Community Member

Can We Bypass CORS Restrictions to Make API Calls

My team and I are working on a Gamification project that would use the Canvas API. We're building this in Unity, and currently using UnityWebRequest. We are hoping to make HTML5 builds that use WebGL libraries. The goal is to store these builds within Canvas courses so that students can easily access the games. The problem we are currently running into is that cross-domain restrictions don't allow us to make any API calls using GET/POST/etc requests. Specifically, we receive an error that states "No 'Access-Control-Allow-Origin' header is present on the requested resource". We know that schools could have the ability to enable this on their canvas instances, but will probably resist this due to potential security issues.

Is there a way to bypass the CORS restrictions?

4 Replies
kona
Community Coach
Community Coach

staroutofspace, this isn't my area of expertise, but I'm going to share this with the Canvas Developers‌ and Gamification‌ groups in the Community to see if they can help!

Hope this helps!

Kona

pklove
Community Champion

I think your application is running in the browser and the WebGL is using JavaScript for the calls.  In this case, if you cannot have CORS implemented on the server, the only way people seem to work around the origin issue is by using a proxy.  Given the security issues around your API calls, if you were to proxy, you would want to be running your own proxy server.  It wouldn't really be a very good solution.

BTW, its not really a CORS restriction, its a same-origin restriction.  Cross-Origin Resource Sharing (CORS) is a mechanism for allowing cross-origin.  A good explanation of it is at: Cross-Origin Resource Sharing (CORS) - HTTP | MDN 

Robbie_Grant
Community Coach
Community Coach

staroutofspace,

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment.  Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.

 

Robbie

themidiman
Community Champion

I wonder if the cors anywhere service/concept can help: CORS Anywhere 

https://cors-anywhere.herokuapp.com/