CORS policy on the Sonarcloud web api

Hello :wave:
I’m trying to use the sonarcloud web api to gather measurements from a public project. But I have some trouble regarding the CORS policy how am I supposed to work with it?

I tried this: https://sonarcloud.io/api/measures/component_tree?component=brave_brave-core&metricKeys=code_smells&ps=10&p=1

This works on my browser or Postman but doesn’t when I try to use something like Axios to make a GET request.

axios.get(‘https://sonarcloud.io/api/measures/component_tree?component=brave_brave-core&metricKeys=code_smells&ps=20&p=1’)
.then(response => {
console.log(response.data)
})

Access to XMLHttpRequest at ‘https://sonarcloud.io/api/[...]’ from origin ‘http://localhost:8000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Is there a workaround?

Thanks!

Hey there.

We don’t have any plans to enable CORS on SonarCloud – we even have a rule about how having a permissive Cross-Origin Resource Sharing policy is security-sensitive :slight_smile:

If you are designing a webpage around data from SonarCloud, you will want to make sure the SonarCloud API is called on the server-side and not on the client-side.

Thank you for the answer :slight_smile:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.