The Movie Database atbalsts

Hi There

I am experiencing a little bit of a CORS issue with displaying images via TMDB BunnyCDN endpoint.

Image Without CORS Headers: https://image.tmdb.org/t/p/w1280/eN3NJkb8SDiMtjXTfoE6CZDMWpu.jpg Image With CORS Headers: https://image.tmdb.org/t/p/w1280/xOMo8BRK7PfcJv9JCnx7s5hj0PX.jpg

It appears that the Access-Control-Allow-Origin and Access-Control-Expose-Headers headers are inconsistently being set. I see that they're returned only when the Origin header is set, however it appears that they are sometimes not returned, even if Origin is set.

Just wanted to check whether there is a change ongoing that may be affecting this, or whether I should dig a bit more my side to see if there are any changes in the request payloads that could be triggering this behaviour.

Thank you!

2 replies (on page 1 of 1)

Jump to last post

Hi @rhyswilliamsza,

I'm not seeing any difference with those two images:

curl -v -H "Origin: www.themoviedb.org" "https://image.tmdb.org/t/p/w1280/xOMo8BRK7PfcJv9JCnx7s5hj0PX.jpg"

* Host image.tmdb.org:443 was resolved.
* IPv6: (none)
* IPv4: 169.150.249.162
*   Trying 169.150.249.162:443...
* Connected to image.tmdb.org (169.150.249.162) port 443
* ALPN: curl offers h2,http/1.1
...

> GET /t/p/w1280/xOMo8BRK7PfcJv9JCnx7s5hj0PX.jpg HTTP/2
> Host: image.tmdb.org
> User-Agent: curl/8.7.1
> Accept: */*
> Origin: www.themoviedb.org
>
* Request completely sent off
< HTTP/2 200
< date: Tue, 10 Dec 2024 15:44:09 GMT
< content-type: image/jpeg
< content-length: 60857
< server: BunnyCDN-LA1-1108
< cdn-pullzone: 775336
< cdn-uid: 29af4e0e-bcbd-4fcb-8635-74ddc38a1ebf
< cdn-requestcountrycode: CA
< cache-control: public, max-age=31919000
< etag: "6644d076-edb9"
< last-modified: Wed, 15 May 2024 15:10:46 GMT
< cdn-storageserver: NY-268
< cdn-requestpullsuccess: True
< cdn-fileserver: 674
< perma-cache: HIT
< cdn-proxyver: 1.06
< cdn-requestpullcode: 200
< cdn-cachedat: 11/03/2024 12:23:49
< cdn-edgestorageid: 899
< cdn-status: 200
< cdn-requesttime: 0
< cdn-requestid: 5b1e3eddef7f57a580cbf3c6be731433
< cdn-cache: HIT
< accept-ranges: bytes
< access-control-allow-origin: *
< access-control-expose-headers: *

And:

curl -v -H "Origin: www.themoviedb.org" "https://image.tmdb.org/t/p/w1280/eN3NJkb8SDiMtjXTfoE6CZDMWpu.jpg"

* Host image.tmdb.org:443 was resolved.
* IPv6: (none)
* IPv4: 169.150.249.162
*   Trying 169.150.249.162:443...
* Connected to image.tmdb.org (169.150.249.162) port 443
* ALPN: curl offers h2,http/1.1
...

> GET /t/p/w1280/eN3NJkb8SDiMtjXTfoE6CZDMWpu.jpg HTTP/2
> Host: image.tmdb.org
> User-Agent: curl/8.7.1
> Accept: */*
> Origin: www.themoviedb.org
>
* Request completely sent off
< HTTP/2 200
< date: Tue, 10 Dec 2024 15:44:21 GMT
< content-type: image/jpeg
< content-length: 119116
< server: BunnyCDN-LA1-1108
< cdn-pullzone: 775336
< cdn-uid: 29af4e0e-bcbd-4fcb-8635-74ddc38a1ebf
< cdn-requestcountrycode: CA
< cache-control: public, max-age=31919000
< etag: "6754bd76-1d14c"
< last-modified: Sat, 07 Dec 2024 21:26:14 GMT
< cdn-storageserver: NY-427
< cdn-requestpullsuccess: True
< cdn-fileserver: 628
< perma-cache: HIT
< cdn-proxyver: 1.06
< cdn-requestpullcode: 200
< cdn-cachedat: 12/07/2024 21:44:24
< cdn-edgestorageid: 907
< cdn-status: 200
< cdn-requesttime: 0
< cdn-requestid: 65aa17b37173d466ed26619330e2ada5
< cdn-cache: HIT
< accept-ranges: bytes
< access-control-allow-origin: *
< access-control-expose-headers: *

Can you show me the request and response you're making?

Thanks! I was also struggling to reproduce via CURL but wasn't sure if it was perhaps intermittent. I'm investigating a few chrome behaviours that may be related, and will let you know if I manage to capture the issue coming from the CDN side (main theory is that it's local for now).

Chrome Results using Fetch:

fetch("https://image.tmdb.org/t/p/w1280/m2hs6YPVrzjvRC21SE9BeXtgqFW.jpg", {
  "headers": {
    "sec-ch-ua": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\""
  },
  "referrer": "http://localhost:8081/",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": null,
  "method": "GET",
  "mode": "cors",
  "credentials": "omit"
}).then(console.log);
Promise {<pending>}
Response {type: 'cors', url: 'https://image.tmdb.org/t/p/w1280/m2hs6YPVrzjvRC21SE9BeXtgqFW.jpg', redirected: false, status: 200, ok: true, …}
fetch("https://image.tmdb.org/t/p/w1280/9tIgF5Ht9ndLJEwv2e6TZrExMKw.jpg", {
  "headers": {
    "sec-ch-ua": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\""
  },
  "referrer": "http://localhost:8081/",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": null,
  "method": "GET",
  "mode": "cors",
  "credentials": "omit"
}).then(console.log);
Promise {<pending>}
movies:1 Access to fetch at 'https://image.tmdb.org/t/p/w1280/9tIgF5Ht9ndLJEwv2e6TZrExMKw.jpg' from origin 'http://localhost:8081' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.Understand this errorAI
VM3846:1
       GET https://image.tmdb.org/t/p/w1280/9tIgF5Ht9ndLJEwv2e6TZrExMKw.jpg net::ERR_FAILED
(anonymous) @ VM3846:1Understand this errorAI
VM3846:1
       Uncaught (in promise) TypeError: Failed to fetch
    at <anonymous>:1:1

Nevari atrast filmu vai TV pārraidi? Jāpiesakās, lai to izveidotu.

Vispārējs

s fokusēties uz meklēšanas joslu
p atvērt profila izvēlni
esc aizvērt atvērtu logu
? atvērt īsinājumtaustiņu logu

Informācijas nesēju lapās

b atgriezties (vai pie vecākiem, ja nepieciešams)
e doties uz labošanas lapu

TV sezonas lapās

(labā bultiņa) pāriet uz nākamo sezonu
(kreisā bultiņa) pāriet uz iepriekšējo sezonu

TV sērijas lapās

(labā bultiņa) pāriet uz nākamo sēriju
(kreisā bultiņa) pāriet uz iepriekšējo sēriju

Visās attēlu lapās

a atvērt attēla pievienošanas logu

Visās labošanas lapās

t atvērt tulkošanas atlasītāju
ctrl+ s iesniegt veidlapu

Diskusiju lapās

n radīt jaunu diskusiju
w pārslēgt skatīšanās stāvokli
p pārslēgt publisko/privāto
c pārslēgt aizvērt/atvērt
a atklāta darbība
r atbilde uz diskusiju
l doties uz pēdējo atbildi
ctrl+ enter iesniegt savu ziņojumu
(labā bultiņa) nākamajā lapā
(kreisā bultiņa) iepriekšējā lapa

Iestatījumi

Vēlies novērtēt šo vienumu vai pievienot to sarakstam?

Pieteikties