Question
I'm trying to use Disqus OAuth2 authentication. This is what I did:
1: Created a disqus application and set http://myweb/login as callback uri and myweb in the Domain textarea (Domains linked to your public key (for referral checks)).
2: Tried to make XHR GET request on disqus.com/api/oauth/2.0/authorize from http://myweb/somepage. CORS error appears.
I solved it by calling
https://stackoverflow.com/questions/22736166
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianwindow.open("https://disqus.com/api/oauth/2.0/authorize/?
client_id="+id+"&scope=read&response_type=code&redirect_uri=http://myweb/login",
"_blank");
Where id is th ID of my application. This works, I get the code response in the URL.
3: Now I need to POST to retrieve the access token. CORS error again. I tried to create and submit form and the server response is OK.
The errors are:
XMLHttpRequest cannot load https://disqus.com/api/oauth/2.0/authorize/?
client_id=...&redirect_uri=http://myweb/login. No 'Access-Control-Allow-Origin'
header is present on the requested resource.
Origin 'http://myweb' is therefore not allowed access.
I feel that I am doing something wrong, that the disqus OAuth2 server should set Access-Control-Allow-Origin for my application or something. So how to avoid the CORS errors in HTTP requests?
I don't want to use PHP or jQuery to solve this.
Solution
The Disqus OAuth implementation is a server-side only, which is why your request is being rejected. Even if you could make the request client-side, you would be exposing your API secret key, which wouldn't be good.
You would have to use PHP or another server-side language to make the request for the access token, I'm afraid.
