clj-http returns status 200 but cljs-http client returns status 0 for the same request

Question

I make a request like so using clj-http.client

(http/get "https://www.example.com/bar")

and get a response with status 200.

However, when I make the same request with cljs-http.client like so:

(go (let [response (<! (http/get (str "https://example.com" "/bar")))]
         (prn response)))

I get a response with status 0, and in the browser it says that it's been blocked by the cors policy.

Why would the cljs-http.client request be blocked by the cors policy if the clj-http.client request isn't?

(defn response [data & [status]]
  {:status (or status 200)
   :headers {"Content-Type" "application/edn"
             "Access-Control-Allow-Headers" "Content-Type"
             "Access-Control-Allow-Origin" "*"
             "Access-Control-Request-Method" "GET"}
   :body (pr-str data)})

I wrap my response for route "bar" with the function response above.

score 1 · Answer 1 · answered Mar 15 '20 at 16:26

Regardless of the HTTP library used: If you are in a browser context, the browser has full control over the actual HTTP request and will enforce CORS.

If you call from a non-browser context, you have full control over the HTTP exchange.

Your only option is to make sure your server-side understands CORS and returns the correct HTTP headers.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for a description of what the server-side needs to do.

If you are using ring, wrapping your routes with wrap-cors is one possibility.

To test your CORS routes from clj, make sure you send HTTP requests with an Origin header set. Your ring route should respond with Access-Control-Allow-Origin set to the allowed origins. (Often '*' is used, which is fine for simple request)

clj-http returns status 200 but cljs-http client returns status 0 for the same request

1 Answers1