Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

New CORS policy for Instagram public API?

I am using these endpoints with JavaScript Ajax to get Instagram user information and posts:

https://www.instagram.com/[username]/?__a=1

https://www.instagram.com/graphql/query/?query_hash=472f257a40c653c64c666ce877d59d2b&variables={id:[user_id],first:50,after:''}

There was not a CORS policy error before but now i'm getting that error (not every time when i refresh the page, but almost 95% times):

Access to XMLHttpRequest at 'https://www.instagram.com/hannahstocking/?__a=1' from origin 'https://sitename.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Has Instagram started to block these endpoints or added a new rate limit? How can I fix it?

like image 730
I. Sen Avatar asked Feb 23 '21 15:02

I. Sen


1 Answers

Instagram has introduced a strict-origin-when-cross-origin policy and is only allowing the following cross origin sites:

  • https://www.instagram.com
  • https://*.fbcdn.net
  • https://*.instagram.com
  • https://*.cdninstagram.com
  • https://*.facebook.com
  • https://*.fbsbx.com

This leads me to believe that they are restricting websites to display the API data. The data itself is still accessible, just not directly over a website. You would need to use a proxy or a server to resolve it

like image 163
LethalMaus Avatar answered Nov 19 '22 16:11

LethalMaus