I am using the Web API from a web based iPhone and Android app to allow user to open the front door.
This has been working for about 5 years now but since last Monday evening March 4th 2024 I cannot access my lock anymore.
When debugging in the browser on my laptop I run into a CORS error:
Has something changed over the last two days and what should be done to avoid this error.
It looks like you have to set the Access-Control-Allow-Origin header in the response.
Hi!
Yes, on Monday the CORS configurations were changed on our servers to comply with stricter security requirements. The access to API endpoints form localhost is no longer supported.
And when did you inform your users about this? I am having a major operational issue here.
Is it possible to revert this change and plan it sometime in the future?
This is very inconvenient, because a lot of mobile apps are web based apps making request from localhost.
What security problem are we trying to solve here?
Hello, I also have the same problem and I can’t find a solution. Would it be possible to get some help?
Due to the new CORS policy, you cannot call the API endpoints directly from your web application.
A possible solution would be by proxying the request.
You can proxy the request through your own server. Their server can make the request to ‘https://api.nuki.io’ on behalf of your web application. If the request comes from your server, CORS won’t be an issue.
Okay thank you I just corrected my problem have a nice day
