Please help - getting 400 return on /posts

DeiLayborer · December 21, 2023, 8:38pm

Hi – for some reason, I’m not able to make an anonymous post through the API in JavaScript. This is through an app (the Obsidian plugin I’m working on), so don’t know if that makes a difference.

Here’s the code:

    const postData = { // all 3 are strings
        body: currentText,
        title: postTitle,
        font: settings.postType
    }

    const uploadResponse = await fetch('https://write.as/api/posts', {
        method: 'POST',
        mode: "no-cors",
        headers: {
            "Content-Type": "application/json",
        },
        body: JSON.stringify(postData) // this appears valid, at least from console output...
        }
    );

I have to do no-cors or else I get an error, possibly related to the headers the API server is returning? Not sure.

But with the above code, I instead get 400 (Bad Request) without any further details.

Any ideas what’s going on?
@support

matt · December 30, 2023, 1:00am

Hmm, the code looks good to me! This seems to be a CORS issue – when I change the backend to work without the no-cors option, the request seems to go through fine.

Others have discussed allowing access from anywhere before, but I’m not sure we want to open up the anonymous API to allow this kind of access via the browser. But maybe we could do that for authenticated requests. Do these requests / posts need to be anonymous?

DeiLayborer · December 30, 2023, 2:25pm

Thanks for the reply! This is weird though … wouldn’t it give a CORS error in that case? I ask because if I set mode in the request to something else (e.g. cors), I get a specific CORS error rather than just 400.

Meanwhile, there are existing libraries/command line programs that presumably work, which is also making me wonder.