How to consume an API "without permission"

Asked

Viewed 232 times

0

In the searches I did, I found that it is not possible to consume an API if you do not release your host on the server(back-end), but I hope you are mistaken, this is the reason for this question, there is some method to consume an API "without permission"?

My problem is this, I want to search the status of a brand in the INPI, searched and found no API.

This is the link where it is possible to search.

The INPI was associated with European Trade Mark and Design Network and there it is also possible to do this research.

Using the browser "Inspector" in the network tab you can find the following on the European Trade Mark and Design Network website url in which a json is returned with the result I want, however when trying to insert this url in my application it presents the following error in the console.

Blocked cross-origin request: Same origin policy (Same Origin Policy) prevents reading the remote resource on https://www.tmdn.org/tmview/search-tmv?_search=false&nd=1540562034603&rows=10&page=1&sidx=tm&sord=asc&q=tmsort:%22test%22&fq=[]&pageSize=10&facetQueryType=2&providerList=null&expandedOffices=null&interfacelanguage=en&selectedRowRefNumber=null. (Reason: CORS header 'Access-Control-Allow-Origin' is not present). [Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows the remote Resource at https://www.tmdn.org/tmview/search-tmv?_search=false&nd=1540562034603&rows=10&page=1&sidx=tm&sord=asc&q=tmsort:%22test%22&fq=[]&pageSize=10&facetQueryType=2&providerList=null&expandedOffices=null&interfacelanguage=en&selectedRowRefNumber=null. (Reason: CORS request Did not Succeed). [Learn More]

I have already found the following "solution"

"c:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --disable-web-security

This way Google Chrome is booted but ignoring "web security" and allowing CORS, but the user will not do this to access my application.

All my tests were local, I’m using Angular 6.1.5, this is the code piece in which I’m trying to get the information, I believe I do not need, but if necessary put the complete code.

return this.http.get(url)
    .toPromise()
    .then((resposta: any) => {
        console.log(resposta);
        return resposta;
    }).catch(this.handleError);
angular api rest cors

1 answer

5

No, you cannot make a direct request from your domain, this protection exists to prevent websites from using resources from other domains as if they were your own. You can however send a request to your server, then from your server send a request to INPI, thus preventing the Barre browser the request for being cross-origin.

  • But how would you make this request?

Browser other questions tagged angular api rest cors

You are not signed in. Login or sign up in order to post.