How to reproduce

1. Open the browser console (F12 or Ctrl+Shift+J)
2. Run the following JavaScript code

   fetch('https://launchermeta.mojang.com/v1/packages/a6ffa27a7b350c6fde9e65e417e9d995c40956c7/1.19.json').then(r => r.json()).then(console.log)
   

   → Notice that the contents of the response are printed to the console
   → Since 2022-07-07 this existing domain also has a restrictive CORS policy

3. Run the following JavaScript code

   fetch('https://piston-meta.mojang.com/v1/packages/a6ffa27a7b350c6fde9e65e417e9d995c40956c7/1.19.json').then(r => r.json()).then(console.log)
   

   → Notice that an error is shown in the console explaining that the request was blocked by CORS policy

Expected behavior

I expected that the URLs would simply change from launchermeta.mojang.com to piston-meta.mojang.com, but remain functionally the same, this includes the CORS headers.

Note that it's not as simple as keeping using launchermeta, since the resources there link to piston-meta, thus breaking existing infrastructure relying on these APIs.

Affected open source projects

This is a seriously harmful breaking change, affecting several open source tools and resources.

• InventivetalentDev/mcasset.cloud - Website to browse through the vanilla assets
• jacobsjo/minecraft-jigsaw-preview - Jigsaw preview tool
• TechMCDocs/TechMCDocs.github.io - Technical Minecraft documentation website
• misode/report - Shows remapped stacktraces of crash reports
• MiniDigger/MiniMappingViewer - Mapping viewer website