Why do browser get requests work in node.js but not?

M

mr jeery2018-07-27 18:48:41

JavaScript

mr jeery, 2018-07-27 18:48:41

I am trying to get a response from a request

axios.get('https://testnet.bitmex.com/api/v1/trade/bucketed?binSize=1d&partial=false&symbol=XBT&count=100&reverse=true')
      .then(response => response.json())
      .then(json => console.log('json',json))

Error code 403.

GET https://testnet.bitmex.com/api/v1/trade/bucketed?binSize=1d&partial=false&symbol=XBT&count=100&reverse=true 403 ()

Failed to load https://testnet.bitmex.com/api/v1/trade/bucketed?binSize=1d&partial=false&symbol=XBT&count=100&reverse=true: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 403.

If you paste https://testnet.bitmex.com/api/v1/trade/bucketed?b...
into the browser, then everything works. Why ?
Need to add some headers to axios ? But what?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Anton Spirin, 2018-07-27
@rockon404

And you try to read the text of the error thoughtfully:

No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
The response had HTTP status code 403.

Research link

A

Abcdefgk, 2018-07-27
@Abcdefgk

When a request is made from a browser, it is a request from a page (in the browser) that was given to it (the browser) by the same server.
When a request is made "from outside" - this is a request "unknown from whom". The server does not accept "unknown from" requests unless specifically allowed to accept "unknown from" requests.
In general, this is called CSRF (Cross Site Request Forgery - "cross-site request forgery")