We are facing an issue where using Chrome request via XMLHTTPRequest is getting failed with below error:
Failed to load
<server url>
: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<client domain>
' is therefore not allowed access.
This error is Chrome specific since we are not getting this issue in IE. Is there anyway to bypass this error in JavaScript.
One way to override the CORS policy is to install an extension such as Allow-Control-Allow-Origin: *. It Adds the Allow-Control-Allow-Origin: * header to the all the responses that your browser receives. As mentioned above, it disrupts the way that cookies are sent and received, so keep that in mind.
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
No, fortunately there is not.
The same-origin policy is an security concept implemented by browsers to prevent Javascript code from making requests against a different origin/domain than the one from which it was served. So enabling developers to bypass this from Javascript would be a bad thing.
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. A web application makes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin.
Source: Cross-Origin Resource Sharing (CORS)
If you're in control of the API:
Add an Access-Control-Allow-Origin
header containing the domain your requests are originating from.
If you're not in control of the API:
Ask the developer of the API to have your domain added to an Access-Control-Allow-Origin
header.
EDIT:
Adding the correct header will not 'make the request an OPTIONS
request while the server only accepts POST
'.
The OPTIONS
request is a preflight request to check to see if the CORS call can actually be made. If the preflight request has the correct header, the POST
request will follow as you can see in the image below:
You can find all of the basic CORS information in the article Understanding CORS
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With