Angular fetch vine thumbnail

Question

I attempt to fetch vine thumbnail following their doc with the following code:

<!-- language: lang-js -->
var onGetVineThumbnailSuccess = function( videoUrl ) {
    return function( response ) {
    var args = { videoUrl: videoUrl };
    args.thumbnailUrl = response['thumbnail_url']; // jshint ignore:line

    $rootScope.$broadcast( 'event:onGetVineThumbnailSuccess', args);
  };
};

var getVineThumbnail = function ( videoUrl ) {
  $http
    .get( 'https://vine.co/oembed.json?url=' + encodeURIComponent( videoUrl ) )
    .then( onGetVineThumbnailSuccess( videoUrl ) );
};

but in the console I've this error:

XMLHttpRequest cannot load https://vine.co/oembed.json?url=https%3A%2F%2Fvine.co%2Fv%2FeV1mMuab7Mp. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

By the way this link: https://vine.co/oembed.json?url=https%3A%2F%2Fvine.co%2Fv%2FeV1mMuab7Mp works. If I put directly to browser's url bar. I obtain this JSON:

{
  "version": 1.0,
  "type": "video",
  "cache_age": 3153600000,
  "provider_name": "Vine",
  "provider_url": "https://vine.co/",
  "author_name": "Evengelia",
  "author_url": "https://vine.co/u/1204040590484971520",

  "title": "Everything was beautiful on this day. #6secondsofcalm",

  "thumbnail_url": "https://v.cdn.vine.co/r/videos/59734161E81269170683200901120_45a46e319ea.1.1.8399287741149600271.mp4.jpg?versionId=tc3t.oqGtjpJNlOX1AeM1CAnWONhbRbQ",
  "thumbnail_width": 480,
  "thumbnail_height": 480,
  "html": "<iframe class=\"vine-embed\" src=\"https://vine.co/v/eV1mMuab7Mp/embed/simple\" width=\"600\" height=\"600\" frameborder=\"0\"><\/iframe><script async src=\"//platform.vine.co/static/scripts/embed.js\"><\/script>",
  "width": 600,
  "height": 600
}

Sounds as CORS issue. But as I've no control on Vine, how should I call this service?

Answer 1

Access-Control-Allow-Origin is set on the response from server, not on client request to allow clients from different origins to have access to the response.

In your case, http://www.vine.co/ does not allow your origin to have access to the response. Therefore you cannot read it.

For more information about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

But, The Chrome Webstore has an extension that adds the 'Access-Control-Allow-Origin' header for you when there is an asynchronous call in the page that tries to access a different host than yours.

The name of the extension is: "Allow-Control-Allow-Origin: *" and this is the link: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi