ODS FHIR API - CORS error

jstarmx · 13 September 2023 12:45

My application is directly accessing the ODS FHIR API from the browser. We have several subdomains for testing. If I make a request e.g. https://directory.spineservices.nhs.uk/STU3/Organization/E84044 from dev.mydomain.com, and then the same request from staging.mydomain.com, the second request fails with a CORS error as the Access-Control-Allow-Origin header in the response is still set to dev.mydomain.com. However if I make a request for a different ODS code from from staging.mydomain.com, it’s fine.

It feels like the origin for a request is being cached by the API for specific urls perhaps based on the originating IP address? Is this a deliberate security feature or something unintended?

alan.rawlings2 · 14 September 2023 11:54

Hello jstarmx,

Take a look at this post:

Change to the ORD and STU3 made 5th Sep - Services / Organisation Data Service (ODS) - NHS Digital Developer Community

jstarmx · 14 September 2023 12:51

Thanks very much @alan.rawlings2, I’m still seeing the issue as of yesterday so may reach out to the email address you provided on the other thread.

Topic		Replies	Views
ODS FHIR API question Organisation Data Service (ODS) fhir	2	119	24 June 2024
403 error from ODS FHIR API Organisation Data Service (ODS) fhir	2	338	14 June 2023
Change to the ORD and STU3 made 5th Sep Organisation Data Service (ODS) ods-api , stu	4	355	12 September 2023
CORS Clarification need help: Got CORS error when sending to Integrated Endpoint While Postman success Personal Demographics Service (PDS) pds , fhir , spine	1	135	24 July 2024
Patient Service Search Returns Unknown ODS Codes e-Referral Service (e-RS)	1	23	6 November 2024

ODS FHIR API - CORS error

Related topics