Menu
This issue is mentioned in stackoverflow a dozen times already, but I have a different issue.
Chrome first makes an "OPTIONS" call to get the headers. As you can see, the correct headers are there.
For some reason, Chrome doesn't notice the header and cancels the actual request in the same manner that it would if the header wasn't there at all.
The page actually makes three calls and curiously, one of them works.
So the question is, when the header really is there, why does Chrome not respect it? What could I do to debug it?
Update
I tried adding Access-Control-Allow-Methods so now the header response from the OPTIONS call includes these response headers:
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:*
The result is the same.
Setting the headers on the server side
I set the headers on the serverside on every request (in Global.asax.cs Application_BeginRequest)
Response.Headers.Add("Access-Control-Allow-Origin", "*");
Response.Headers.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
Response.Headers.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
After investigating with Fiddler
I looked through the raw request and response and found something surprising: The error is a simple HTTP 500 error from the application. Likely because the HTTP 500 error does not contain the right headers, Chrome doesn't show the returned error but instead shows the header related error.
Answer
So in conclusion, if Chrome gives says No 'Access-Control-Allow-Origin' header it might actually cover up a HTTP 500 error. This can be determined by checking request and response in Fiddler.
374
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
i. Turn OFF the CORS plugin, reload the app, at this time you should still get the errors which are correct. ii. Turn it back ON, reload the app, if the APIs are successful, stop here, no need to proceed to iii.
So to fix, type the target and the origin equally: make you Ajax code request pages/services to http://www.wordicious.com not http://wordicious.com . (Maybe place the target URL relatively, like '/login. php' , without the domain).
Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature.
If Chrome says No 'Access-Control-Allow-Origin' header it might actually cover up a HTTP 500 error. This can be determined by checking request and response in Fiddler.
179
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
