GitHub API Bug: Download repository zip CORS

This is a blocker for my application and seems to be causing issues for quite a few other consumers of the GitHub API. This is a CORS problem that should be simple to fix. There is no valid reason that this API should not function from the browser. Please consider addressing this.

[blocked] github.repos.archive() & octokit.repos.uploadAsset() not working in browser due to CORS settings on & · Issue #758 · octokit/rest.js

Hi there @jmcallister-msft :wave:

Thanks so much for joining the Community to get context for the behavior that you’re seeing. Some clarification here is that this is not a bug, but deliberate behavior.

The reason why it’s expected is that it prevents possible abuse of resource usage by downloading large assets from the browser directly.

As a workaround, we recommend making requests to a small proxy you’d build and maintain yourself (or use a public proxy for that purpose).

Beyond this, it would be amazing to both communicate your use case here in this thread, but also submit your feedback via this form:

Those requests get delivered directly to our PM teams for review and consideration.


I would also find this very useful. For my use case, the user needs to be able to download the repository without a server. If there is an issue with resources can’t GitHub set a max limit and chunk the zip file?