Ajax error 403 / why it stopped working?

ptrend · February 8, 2021, 2:12pm

Dear all,

it was working great for some time, now it gives me 403 error.
I did not have to even give headers, and it still processed JS.

What has happend?

dannyjamesfletcher · February 8, 2021, 2:22pm

It’s possible that the agsi API burned your API key. If they were able to determine it was leaked somehow (which it was because it’s in your source code) they might put it on a deny list.

If it was working and all of a sudden it stopped and you hadn’t made any changes the only thing I can really think of is that the API key is no longer valid.

If you deploy this to Netlify and use their servers “Netlify Functions” you can hide the API key without writing a backend for your app

Let me know if you need help with that.

ptrend · February 8, 2021, 5:23pm

thx for response,
i think problem is somewhere else, python module with this api works fine:

besides i do not know why but for some time, agsi worked without key when it went through https://cors-anywhere.herokuapp.com/

i think comething is with cors, i get on error:
responseText: “See /corsdemo for more info↵”

dannyjamesfletcher · February 8, 2021, 8:59pm

Oh ok gotcha.

Are you getting the 403’s when trying to run this in your local dev environment?

DanCouper · February 9, 2021, 1:56am

Rate limit on cors-anywhere is 50 per hour, plus it needs a manual unlock in the browser to not 403. It won’t just work out of the box – you need to go to cors-anywhere and unlock it for your browser to allow it to (temporarily) serve requests. You need to be aware that you seem to be seriously abusing the service by hammering it with that many requests. It’s not supposed to be for huge loads; it’s not really supposed to be for any loads, it’s just the developer’s demo of a development tool he built for small infrequent requests.

github.com/Rob--W/cors-anywhere

PSA: Public demo server (cors-anywhere.herokuapp.com) will be very limited by January 2021, 31st

opened 12:26PM - 12 Dec 20 UTC

Rob--W

The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a …demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse (rate limits in #45 and #164, and blocking other forms of requests). Downtime becomes increasingly frequent (e.g. recently #300, #299, #295, #294, #287) due to abuse and its popularity. To counter this, I will make the following changes: 1. The rate limit will decrease from 200 (#164) per hour to 50 per hour. 2. By January 31st, 2021, cors-anywhere.herokuapp.com will stop serving as an open proxy. 3. From February 1st. 2021, cors-anywhere.herokuapp.com will only serve requests after the visitor has completed a challenge: The user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. This allows developers to try out the functionality, to help with deciding on self-hosting or looking for alternatives. ### What should current users of CORS Anywhere do in response to this announcement? If possible, try to avoid the need for a proxy at all. CORS Anywhere works by combining proxy functionality with [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS). You may not need proxy functionality, if the web service that you are trying to access already supports CORS. This is the preferred solution because it is faster and more reliable. For development, you can also consider the use of browser extensions that automatically enables CORS for certain websites. If your use of CORS Anywhere is infrequent, then the exception from step 3 above will allow you to continue as before. The only difference is that you need to explicitly opt in before access is temporarily allowed. If you'd like to not have these restrictions, then you should self-host CORS Anywhere. For an example of self-hosting, see https://github.com/Rob--W/cors-anywhere#demo-server . There are also many questions and answers about hosting on the issue tracker here (https://github.com/Rob--W/cors-anywhere/issues). If you have questions, please search for existing issues first before opening a new issue.

The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse (rate limits in #45 and #164, and blocking other forms of requests). Downtime becomes increasingly frequent (e.g. recently #300, #299, #295, #294, #287) due to abuse and its popularity.

To counter this, I will make the following changes:

The rate limit will decrease from 200 (#164) per hour to 50 per hour.

By January 31st, 2021, cors-anywhere.herokuapp.com will stop serving as an open proxy.

From February 1st. 2021, cors-anywhere.herokuapp.com will only serve requests after the visitor has completed a challenge: The user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. This allows developers to try out the functionality, to help with deciding on self-hosting or looking for alternatives.

ptrend · February 9, 2021, 8:17am

thx,

I did
" he user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. "
and it works.

ptrend · February 9, 2021, 8:19am

thx for inf about netlify, very easy to load simple backend version
many thx

https://agsi.netlify.app/

system · August 10, 2021, 8:20pm

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.