Pull Qualtrics API - Cross-site CORS Error

Hi @apitiot and @dvbridges,

Because of the way a number of people have set up our study together, I’m trying to use responses previously recorded in Qualtrics to change parts of an online task in PsychoJS (3.2.4).

The request to their API is a straightforward GET, and I’m having success with curl and Python to grab the responses that I want, but when I try to adapt this jQuery ajax solution to hit the Qualtrics domain instead of Pavlovia, I’m running into CORS permissions issues. For example, running from the console after piloting the task to try to grab the JSON responses, I do:

url = `https://qualtrics.com/API/v3/surveys/${survey_id}/responses/${response_id}`
headers = {'accept': 'application/json', 'x-api-token': token}
$.ajax({url: url, headers: headers}).done(successFunction);

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource. (Reason: CORS request did not succeed).

I’ve done a little bit of work setting CORS headers, but would appreciate a little help here. From my understanding, it’s the CORS header that’s blocking on the XHR server, e.g. qualtrics.com/API/v3, right? Or is it the case that I need to set the permission header on the request from Pavlovia, e.g. in the header of the HTML sent from Pavlovia? I can’t imagine I’m the first person trying to use this API from a client browser, right?

Is this something that I can change with Pavlovia settings? Or should I bother the Qualtrics help desk with this one? I did find this jQuery example directly on their site, but there’s no mention of CORS.

I’m trying to avoid uploading responses in a CSV/TSV and changing the actual PsychoJS repository every time. Can you think of a better solution? Thanks!!

I chatted with @Alain and we think, yes, this is probably something to explore with Qualtrics desk in the first instance. It seems like simply fetching a JSON file should be doable remotely and would indeed provide the solution you need.

Thanks Jon, I spoke with the help desk, who said they couldn’t help because “their API works as expected.”

I’m going to dig a bit more to make sure there aren’t any settings to adjust on the Pavlovia end and then re-open the ticket with them.

My understanding is that this issue must be resolved on the Pavlovia side. The Pavlovia server needs to set the correct CORS headers to allow the JS request to access the non-Pavlovia API (specifically, Access-Control-Allow-Origin; or, even more specifically in your case: Access-Control-Allow-Origin: https://qualtrics.com). Your browser is blocking the request otherwise.
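
How a browser evaluates the cross-origin request shown in the first post, as an added example that is not part of the thread and not Qualtrics or Pavlovia code: a simplified model of the CORS check, in which the headers examined are the ones on the API server's responses. The page origin `https://experiment.example`, the function names and the sample responses are constructed for illustration.

```javascript
// Simplified model of the browser's CORS decision (after the Fetch standard).
// Request header names that never trigger a preflight on their own
// (simplification: content-type is only safelisted for a few values).
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

// Lower-case header names so lookups are case-insensitive, as in HTTP.
function lower(headers) {
  return Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

// A preflight (OPTIONS) is sent first when the method or a header is not "simple".
function needsPreflight(method, headers) {
  const simpleMethod = ['GET', 'HEAD', 'POST'].includes(method.toUpperCase());
  const custom = Object.keys(lower(headers)).filter((h) => !SAFELISTED.has(h));
  return !simpleMethod || custom.length > 0;
}

// Does the API server's response grant read access to the calling page's origin?
function originAllowed(pageOrigin, responseHeaders) {
  const acao = lower(responseHeaders)['access-control-allow-origin'];
  return acao === '*' || acao === pageOrigin;
}

// Full decision: the preflight response (if required) and the actual response must both pass.
function corsDecision(pageOrigin, req, preflightRes, actualRes) {
  if (needsPreflight(req.method, req.headers)) {
    if (!originAllowed(pageOrigin, preflightRes)) return 'blocked: preflight lacks Access-Control-Allow-Origin';
    const allowed = (lower(preflightRes)['access-control-allow-headers'] || '')
      .toLowerCase().split(',').map((s) => s.trim());
    const missing = Object.keys(lower(req.headers))
      .filter((h) => !SAFELISTED.has(h) && !allowed.includes(h) && !allowed.includes('*'));
    if (missing.length) return `blocked: preflight does not allow header ${missing[0]}`;
  }
  return originAllowed(pageOrigin, actualRes) ? 'allowed' : 'blocked: Access-Control-Allow-Origin missing';
}

// Constructed sample data: placeholder page origin and the request from the first post.
const PAGE = 'https://experiment.example';
const request = { method: 'GET', headers: { accept: 'application/json', 'x-api-token': 'PLACEHOLDER' } };
const noCors = {}; // API responses carrying no CORS headers at all
const withCors = { 'Access-Control-Allow-Origin': PAGE, 'Access-Control-Allow-Headers': 'x-api-token' };

console.log(corsDecision(PAGE, request, noCors, noCors));     // blocked at the preflight
console.log(corsDecision(PAGE, request, withCors, withCors)); // allowed
```
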