No 'Access-Control-Allow-Origin' header is present on the requested resource


#1

Hi,

Some weeks ago we created a website using the hubspot API.
We are using AJAX calls to communicate with the hubspot API, this works on the domain that hubspot generates for us.
Or atleast this used to work.
It seems now Hubspot also blocked AJAX API calls on their own generated domains?
Could someone confirm this or give another reason as to why the API suddenly does not work anymore.

Thx


#2

Hi @matbro360

The HubSpot APIs do not support AJAX requests, as detailed here:

Making the requests client side exposes your API key to anyone visiting your site, which would give them access to your HubSpot data (including all of your contact data).

There was previously a configuration error that did allow AJAX requests from hs-sites.com domains, but this was never inteded to be supported and was recently fixed. Aside from the security issues mentioned above, this would also cause any functionality that happened to work on the staging domain to stop working when the site was published to your live domain.