I'm running into a weird CORS issue right now.
Here's the error message:
XMLHttpRequest cannot load http://localhost:8666/routeREST/select?q=[...] Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin
Two servers:
Any thought on what could be the problem?
EDIT:
And... the port was the problem. Thanks for your answers :)
If anyone is using a Python bottle server as well, you can follow the answer given on this post to solve the CORS issue: Bottle Py: Enabling CORS for jQuery AJAX requests
Or, your API fails and shows a CORS error in the console. This happens because the same-origin policy is part of the browser's security model which allows websites to request data from APIs of the same URL but blocks those of different URLs. Browsers do this by adding an ORIGIN key in the request.
Short description. Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
Cross-Origin Resource Sharing (CORS) is a mechanism or a protocol that allows devices on one domain to access resources residing on other domains. Generally, for security reasons, browsers forbid requests that come in from cross-domain sources.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
It is only considered to be the same if the protocol, host and port is the same: Same Origin Policy
If you want to enable it you must follow Cross-Origin Resource Sharing (cors) by adding headers. Mozilla has examples
You need to add Access-Control-Allow-Origin as a header in your response. To allow everyone (you should probably NOT do that):
Access-Control-Allow-Origin: *
If you need to support multiple origins (for example both example.com
and www.example.com
), set the Access-Control-Allow-Origin
in your reply to the value of the Origin
-header from the request (after you verified that the Origin is white-listed.)
Also note that some requests send a preflight-request, with an OPTION-method, so if you write your own code you must handle those requests too. See Mozilla for examples.
The port numbers are different.
A request is considered cross-domain if any of the scheme, hostname, or port do not match.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With