使用 REST API 从本地主机开发时处理 CORS - Streamlabs API

Question

I'm sure this question will get flagged in some manner, however hours of searching has prompted no usable information.

Many projects require me to use various APIs. The current project uses the Twitch and Streamlabs API. When trying to access the /authorize endpoints, I'm hit with a CORS policy restriction. This is because my referer/origin is localhost.

My question lies in how others set up their environment for this not to be an issue. I understand why CORS is blocking me (to an extent), but what I don't understand is how I'm expected to work away from my production server if localhost has a blanket restriction.

I have as well tried manipulating headers in fetch as well as using [no-cors] , but no avail here either. Any ideas?

  // Starts authorization
  getAuth() {
    const data = fetch (`https://streamlabs.com/api/v1.0/authorize?client_id=${clientID}&response_type=code&redirect_uri=https%3A%2F%2Ftwitchinstudios.com&scope=donations.create%20donations.read%20alerts.write`, {
    headers: {
      "Origin" : "https://twitchinstudios.com",
      "Referer" : "https://twitchinstudios.com"
    },   
    mode: 'no-cors'});
    const code = data.json.code;
    console.log(code);

  // Post to /token endpoint
  const tokenCall = fetch (`https://streamlabs.com/api/v1.0/token?grant_type=authorization_token&client_id=knOhuT74QrSn8h1m8tU8ucrFfVIfUuVpll71ErbI&client_secret=${clientSecret}&redirect_uri=https%3A%2F%2Ftwitchinstudios.com&code=${code}`, {
    method: 'POST',
    mode: 'no-cors'
  })

Here is the documentation for their API as well: https://dev.streamlabs.com/reference

Answer 1

This is not a CORS issue, nor an API issue. It was an issue in my understanding.

For anyone stumbling upon this, check for any Allow-Access headers being passed, and if none are being passed, you're not meant to access it from the web page level.

Instead, allowing my node server to handle the request allowed me access.