The support.orcid.org website is on a UserVoice platform that has a different privacy policy from our other sites. You may view the details at http://support.orcid.org/tos
X

I suggest that...

Add access-control-allow-headers: "...Authorization"

I might be missing something, but... When retrieving data from the public API using the method described at [1], you first fetch an access_token, which then has to be passed in the Authorization header for the subsequent request. Since that is not a CORS-safelisted request-header, though, the browser first performs an OPTIONS request.

The response does include an "access-control-allow-headers" header, but this doesn't whitelist the Authorization header, upon which the browser blocks the actual request.

Thus, it'd be nice if that could be added, at least for the /orcid-bio/ request.

[1] https://members.orcid.org/api/tutorial-retrieve-data-using-public-api

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    VincentVincent shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    declined  ·  ORCID (APAC/MEA)AdminORCID (APAC/MEA) (Admin, ORCID) responded  · 

    Thanks for your suggestion to improve the ORCID Registry.

    ORCID does not offer a secure method to exchange credentials via the browser, which is why we limit its use. We therefore shall mark this idea as declined.

    We would suggest instead that you exchange credentials in a server-to-server setting. You are welcome to join the ORCID API Users Group, a public listserv for all users of the ORCID API as well as members of our development and community teams, to discuss some ideas on how to do this (node.Js). Join us at https://groups.google.com/group/orcid-api-users

    Warm regards,
    ORCID Community Team

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base