The CORS Header 'Access-Control-Allow-Origin' is missing

You are making a request to another site, in this case the API at api.webuntis.dk. This type of request is called a "Cross Origin Request"

For such requests to work in JavaScript, the server on their end needs to allow them.

This is done by their server sending special CORS headers, the most basic one being the "Access-Control-Allow-Origin" header.

I guess the API provider has not foreseen or planned for this API to be used from a frontend (e.g. JavaScript in the browser), so you would have to work around this.

One way is to set up your own server and have the JavaScript code make a request to your server and your server then making a request to the API, as server side code is not bound to CORS headers.

Alternatively, to try things out, you can prefix the URL with https://cors.io like this:

const url = 'https://cors.io/?https://api.webuntis.dk/api/status';

What is CORS ?

from MDN :

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.

SOLUTION

You need to settings the CORS permission in your server. (https://api.webuntis.dk/api/status)

Setting Example :

  1. PHP

    <?php header("Access-Control-Allow-Origin: *");

  2. Rails

    #in config/application.rb config.action_dispatch.default_headers = { 'Access-Control-Allow-Origin' => '*', 'Access-Control-Request-Method' => %w{GET POST OPTIONS}.join(",") }

note: Change * to specific URL that you want to allow CORS. '*' is highly discouraged, unless you are providing a public API that is intended to be accessed by any consumer out there.