New CORS policy for Instagram public API?

Question

I am using these endpoints with JavaScript Ajax to get Instagram user information and posts:

https://www.instagram.com/[username]/?__a=1

https://www.instagram.com/graphql/query/?query_hash=472f257a40c653c64c666ce877d59d2b&variables={id:[user_id],first:50,after:''}

There was not a CORS policy error before but now i'm getting that error (not every time when i refresh the page, but almost 95% times):

Access to XMLHttpRequest at 'https://www.instagram.com/hannahstocking/?__a=1' from origin 'https://sitename.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Has Instagram started to block these endpoints or added a new rate limit? How can I fix it?

Answer 1

Instagram has introduced a strict-origin-when-cross-origin policy and is only allowing the following cross origin sites:

• https://www.instagram.com
• https://*.fbcdn.net
• https://*.instagram.com
• https://*.cdninstagram.com
• https://*.facebook.com
• https://*.fbsbx.com

This leads me to believe that they are restricting websites to display the API data. The data itself is still accessible, just not directly over a website. You would need to use a proxy or a server to resolve it