Use a CORS proxy to access public APIs
When an URL is outside the current domain, and the server does not send the Access-Control-Allow-Origin
header, the Same Origin Policy kicks in preventing scripts from accessing the contents. This is a security feature, and if the remote server needs authentication, it is the expected behavior.
On the other hand, it's frustrating when the contents are publicly available, and all you'd need is the header.
One solution is to tell the browser not to check the SOP. For Chrome, start with --disable-web-security --user-data-dir
. But this is hardly a good solution.
A better one is to use a proxy that fetches the contents and is either inside the origin domain or properly sets the Access-Control-Allow-Origin
header.
There are several implementations to choose from to start your own proxy. To start them is usually a one-liner with minimal configuration:
Also, there are some online proxies, but they are highly unreliable. A short list I could find: