CORS interruption while fetching Smartsheet API

Sayantan_sarkar
Sayantan_sarkar
in API & Developers

We want to use simple fetch to GET request the data from our Smartsheet instead to the Smartsheet JS SDK. The code snippet is as follows :

Screenshot 2024-04-02 at 10.53.52 AM.png

This JS file has been linked to a HTML file which is being fired up on the browser using Live Server extension available in VsCode. But upon checking the console on the browser (all major browsers in the local system) we are observing this error :

Screenshot 2024-04-02 at 8.42.35 PM.png

The GET request is working fine when using Postman (postman doesn't enforce CORS) or CURL. Therefore, compared the underlying cUrl in both the cases. It seems the headers are not being passed properly for fetch command.

Screenshot 2024-04-02 at 7.22.51 PM.png

We have other API's associated to the project (not Smartsheet API's) and fetch calls for them are working just fine. Therefore, I am wondering whether it's an issue related to the API or the live server we are using. As the documentation mentions connection to the API via the JS SDK, thought of asking if there is any other way around ?

Thank you for your help !

Tags:
· Share on FacebookShare on Twitter

Answers

  • Brian_Richardson
    Brian_Richardson Overachievers Alumni

    Can you try adding header Access-Control-Allow-Origin: *

    There ends my knowledge heh. This sounds to me like something for the API devs to dig into, which will require a Support ticket from you to initiate. Unless @Genevieve P. has direct access to forward this on?

    BRIAN RICHARDSON | PMO TOOLS AND RESOURCES | HE|HIM

    SEATTLE WA, USA

    IRON MOUNTAIN

    · Share on FacebookShare on Twitter
  • Genevieve P.
    Genevieve P. Employee

    Heya! Thanks for the tag, @Brian_Richardson

    I'm not familiar with the Live Server extension available in VsCode so I'm unsure I (or frontline Support) would be able to help… we would test the request in Postman which looks to be working to ensure the API documentation is correct. However Support does not actively support SDKs.

    "Access-Control-Allow-Origin" is not a Smartsheet header; this is what I found out about it in Stack Overflow https://stackoverflow.com/questions/10636611/how-does-the-access-control-allow-origin-header-work

    Based on this, Brian's suggestion of adding * looks to be what I would try:

    Only if the response contains "Access-Control-Allow-Origin" AND its value is "*" or contain the domain who submitted the CORS request, by satisfying this mandtory condition browser will submit the actual Cross-Domain request, and cache the result in "Preflight-Result-Cache".

    Let us know if this works, @Sayantan_sarkar!

    Cheers,
    Genevieve

    Need more help? 👀 | Help and Learning Center

    こんにちは (Konnichiwa), Hallo, Hola, Bonjour, Olá, Ciao! 👋 | Global Discussions

    · Share on FacebookShare on Twitter

Categories