CORS issue with Content-Type header

With regards to the following javascript code snippet:

fetch('https://api.lifx.com/v1/lights/all/state', { method: 'PUT', headers: { "content-type" : "application/json", "authorization" : 'Bearer ${token}' }, body: JSON.stringify({ color: "hue:305 saturation:0.7 brightness:1"}) })

I get the following error message:
Fetch API cannot load https://api.lifx.com/v1/lights/all/state. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3000’ is therefore not allowed access. The response had HTTP status code 403. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

However, the request is successful if the content-type header is omitted, but the body is ignored and bulb does not change colour.

I’m not sure if a Access-Control-Allow-Headers header is missing on the api.

Any feedback would be appreciated.

Thanks.

1 Like

It seems they broke many parts of this API over the last few days.

I’m hoping they revert back to the previous API until these issues are resolved since there are too many to simply fix overnight. I also suggest they test modifications thoroughly before releasing to the public and never release major updates before a weekend.

1 Like

You are 100% correct, we are currently working on a fix for this right now. We will respond to this post when the fix is on our production servers.

We have already rolled out a fix to assume a Content-Type of application/json if none is specified so this should mitigate the issue for now.

We test our changes thoroughly however we are not perfect and clearly some things have been missed. I recognise that more testing could have been done and in the future we will take this into account.

These changes have been slowly rolled out across the week and we have been responding here the whole time.

1 Like

Content-Type should now be in our Access-Control-Allow-Headers on the CORS preflight.

1 Like

It sees that you broke the API.

Could you please provide more details?