Missing CORS response header for activity APIs

jl__ · ‎09-01-2024

I've had users report errors that started happening this morning (Sep 1). Based on the browser console screenshots they provided, some of the API responses are missing CORS headers (specifically, access-control-allow-origin). This completely breaks functionality on our website because we make API requests from the browser rather than via a backend.

It looks like it was due to a change/rollout in the API, since it started affecting a subset of users earlier and is now affecting everyone.

It's only happening for activity APIs, such as the steps/distance timeseries. Other APIs like sleep and heart timeseries are unaffected.

RobertDev · ‎09-03-2024

Same problem here. Application is totally broken now. 😞

JohnFitbit · ‎09-03-2024

Hey @jl__,

Thanks for reporting this issue. We're looking into it!

I'll update this thread if we need additional information from everyone impacted.

Stevo1234 · ‎09-22-2024

Is there an update on the fix or when it will likely be fixed?

jl__ · ‎09-23-2024

I haven't seen this particular issue (missing CORS headers) for myself or my users since Sep 6 so hopefully it's been resolved.

Stevo1234 · ‎09-23-2024

At the time of writing this is what shows up on fitbit / cronometer apps - Cronometer should be showing at least 2776 calories burned.

RobertDev · ‎10-11-2024

This problem is back (missing CORS headers). I get it now on the profile endpoint, but maybe more places.

Hope this can be fixed soon, because this error breaks many apps.

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Missing CORS response header for activity APIs

jl__

RobertDev

JohnFitbit

Stevo1234

jl__

Stevo1234

RobertDev