CORS for JS & Ionic

Cross-Origin Resource Sharing

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. These security restrictions only affect browser-based javascript and mobile javascript frameworks like Ionic.

Enabling CORS is only available in premium tiers. For free users you can set up a proxy server, Ionic also has a guide for this.

To enable CORS, you need to register your domain by sending a POST request to the headers endpoint. To achieve this in Postman

  • Set the POST request url to https://api-endpoint.igdb.com/headers/.
  • Set the body to the following json…
{
    "api_header": {
        "header": "Access-Control-Allow-Origin",
        "value": "yourdomain.com"
    }
}
  • Change the value to…
    • For production on a specific domain, use yourdomain.com (of course, change to your actual domain).
    • For local development (localhost) or any domain, use *.
    • For Ionic, use localhost:8100.
  • Send!

Future responses from the API will contain the special header required to access the API. Access-Control-Allow-Origin: yourdomain.com

To delete the header, send a DELETE request to /headers/?header=Access-Control-Allow-Origin.

IMPORTANT NOTE! Regenerating your API Key (user-key) will invalidate all existing headers. Please ensure your application registers these headers on start up to ensure they are always associated with the current user-key.