Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CORS error on same domain?

I'm running into a weird CORS issue right now.

Here's the error message:

XMLHttpRequest cannot load http://localhost:8666/routeREST/select?q=[...]  Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin 

Two servers:

  • localhost:8666/routeREST/ : this is a simple Python Bottle server.
  • localhost:8080/ : Python simpleHTTPserver where I run y Javascript application. This app is executing Ajax requests on the server above.

Any thought on what could be the problem?

EDIT:

And... the port was the problem. Thanks for your answers :)

If anyone is using a Python bottle server as well, you can follow the answer given on this post to solve the CORS issue: Bottle Py: Enabling CORS for jQuery AJAX requests

like image 360
Mr_Pouet Avatar asked Nov 13 '13 23:11

Mr_Pouet


People also ask

Why do I get CORS error from same domain?

Or, your API fails and shows a CORS error in the console. This happens because the same-origin policy is part of the browser's security model which allows websites to request data from APIs of the same URL but blocks those of different URLs. Browsers do this by adding an ORIGIN key in the request.

How do I get rid of CORS error?

Short description. Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.

What is CORS and how do you fix it?

Cross-Origin Resource Sharing (CORS) is a mechanism or a protocol that allows devices on one domain to access resources residing on other domains. Generally, for security reasons, browsers forbid requests that come in from cross-domain sources.

Does CORS apply to different ports?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.


2 Answers

It is only considered to be the same if the protocol, host and port is the same: Same Origin Policy

If you want to enable it you must follow Cross-Origin Resource Sharing (cors) by adding headers. Mozilla has examples

You need to add Access-Control-Allow-Origin as a header in your response. To allow everyone (you should probably NOT do that):

Access-Control-Allow-Origin: * 

If you need to support multiple origins (for example both example.com and www.example.com), set the Access-Control-Allow-Origin in your reply to the value of the Origin-header from the request (after you verified that the Origin is white-listed.)

Also note that some requests send a preflight-request, with an OPTION-method, so if you write your own code you must handle those requests too. See Mozilla for examples.

like image 114
some Avatar answered Sep 28 '22 09:09

some


The port numbers are different.

A request is considered cross-domain if any of the scheme, hostname, or port do not match.

like image 44
jcarpenter2 Avatar answered Sep 28 '22 10:09

jcarpenter2