I have a Google project credible-nation-130012 to which I deployed an app written in Java. It uses the AppEngine standard environment. The only contents is a Google endpoint. You can see the sources at GitHub: https://github.com/mhdirkse/least-common-multiplier .
While not logged in with Google, I wanted to test my deployment. To do this, I visited https://credible-nation-130012.appspot.com/_ah/api/explorer using Firefox. My API did not appear. I pressed F12 for developer information and saw the following errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS request did not succeed).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS request did not succeed).[Learn More]
Then I closed the tab and visited console.cloud.google.com to log in. After this my API appeared at https://credible-nation-130012.appspot.com/_ah/api/explorer and it worked.
I guess that the API explorer cannot properly access https://accounts.google.com. It expects to get back a header Access-Control-Allow-Origin but that is not present. Does this have anything to do with my application, or is it a bug in the API explorer? Or is this behavior intended by Google? Any help is welcome.
With kind regards,
Martijn Dirkse
By the way: I am demonstrating this project for a job application. If I get help on this question, I will make this clear on GitHub and in communication with possible employers.