4

I am trying to make an XHR request to facebook's oembed but hitting a CORS error. Anybody knows if this is because Facebook doesn't allow CORS requests to the oembed endpoint? If that's the case why would it not be allowed? Is the endpoint supposed to be used outside the browser?

XMLHttpRequest cannot load https://apps.facebook.com/plugins/
post/oembed.json/?url=https://www.facebook.com/notes/mark-zuckerberg/
a-letter-to-our-daughter/10153375081581634.

No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8000' is therefore not allowed access.

I am also hitting the same thing with other providers: YouTube, Twitter, Vine, Instagram. Some seems to allow it: Vimeo and Soundcloud.

mkhatib
  • 5,089
  • 2
  • 26
  • 35
  • It seems like you're not using one of their oEmbed URLs: https://developers.facebook.com/docs/plugins/oembed-endpoints – curveorzos Dec 10 '15 at 18:30

1 Answers1

2

Most of oEmbed providers does not allow cross origin resource sharing AFAIK. Hence to avoid this you can make a call to oEmbed end point from your server instead of making it from browser/ mobile client so that you can escape from CORS.

Tom Taylor
  • 3,344
  • 2
  • 38
  • 63