Ajax error 403 / why it stopped working?

Dear all,

it was working great for some time, now it gives me 403 error.
I did not have to even give headers, and it still processed JS.

What has happend?

It’s possible that the agsi API burned your API key. If they were able to determine it was leaked somehow (which it was because it’s in your source code) they might put it on a deny list.

If it was working and all of a sudden it stopped and you hadn’t made any changes the only thing I can really think of is that the API key is no longer valid.

If you deploy this to Netlify and use their servers “Netlify Functions” you can hide the API key without writing a backend for your app :slight_smile:

Let me know if you need help with that.

thx for response,
i think problem is somewhere else, python module with this api works fine:

besides i do not know why but for some time, agsi worked without key when it went through https://cors-anywhere.herokuapp.com/

i think comething is with cors, i get on error:
responseText: “See /corsdemo for more info↵”

Oh ok gotcha.

Are you getting the 403’s when trying to run this in your local dev environment?

Rate limit on cors-anywhere is 50 per hour, plus it needs a manual unlock in the browser to not 403. It won’t just work out of the box – you need to go to cors-anywhere and unlock it for your browser to allow it to (temporarily) serve requests. You need to be aware that you seem to be seriously abusing the service by hammering it with that many requests. It’s not supposed to be for huge loads; it’s not really supposed to be for any loads, it’s just the developer’s demo of a development tool he built for small infrequent requests.

The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse (rate limits in #45 and #164, and blocking other forms of requests). Downtime becomes increasingly frequent (e.g. recently #300, #299, #295, #294, #287) due to abuse and its popularity.

To counter this, I will make the following changes:

  • The rate limit will decrease from 200 (#164) per hour to 50 per hour.
  • By January 31st, 2021, cors-anywhere.herokuapp.com will stop serving as an open proxy.
  • From February 1st. 2021, cors-anywhere.herokuapp.com will only serve requests after the visitor has completed a challenge: The user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. This allows developers to try out the functionality, to help with deciding on self-hosting or looking for alternatives.
1 Like


I did
" he user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. "
and it works.

1 Like

thx for inf about netlify, very easy to load simple backend version
many thx


1 Like