Use a CORS proxy to access public APIs

When an URL is outside the current domain, and the server does not send the Access-Control-Allow-Origin header, the Same Origin Policy kicks in preventing scripts from accessing the contents. This is a security feature, and if the remote server needs authentication, it is the expected behavior.

On the other hand, it's frustrating when the contents are publicly available, and all you'd need is the header.

One solution is to tell the browser not to check the SOP. For Chrome, start with --disable-web-security --user-data-dir. But this is hardly a good solution.

A better one is to use a proxy that fetches the contents and is either inside the origin domain or properly sets the Access-Control-Allow-Origin header.

There are several implementations to choose from to start your own proxy. To start them is usually a one-liner with minimal configuration:

• local-cors-proxy
• no-cors-proxy
• cors-anywhere

Also, there are some online proxies, but they are highly unreliable. A short list I could find:

• https://crossorigin.me/
• https://cors-anywhere.herokuapp.com/

Try it

• https://gist.run/?id=8026631604b2f4aa8f1f627b90ab2ced

References

• https://stackoverflow.com/a/3177718/2032154