Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CORS header 'Access-Control-Allow-Origin' missing

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

var url= 'http://anotherdomain/test.json';         $.ajax({             url: url,             crossOrigin: true,             type: 'GET',             xhrFields: { withCredentials: true },             accept: 'application/json'         }).done(function (data) {             alert(data);                         }).fail(function (xhr, textStatus, error) {             var title, message;             switch (xhr.status) {                 case 403:                     title = xhr.responseJSON.errorSummary;                     message = 'Please login to your server before running the test.';                     break;                 default:                     title = 'Invalid URL or Cross-Origin Request Blocked';                     message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';                     break;             }         }); 

I've done alternate way but still unable to find the solution.

Note: I've no server rights to make server side(API/URL) changes.

like image 384
immayankmodi Avatar asked Jul 07 '15 18:07

immayankmodi


People also ask

How do I find Access-Control allow origin?

Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, set the Access-Control-Allow-Origin value to the same value as ...

How do you fix CORS origin error?

Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.

What is no Access-Control allow origin?

This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy.


2 Answers

This happens generally when you try access another domain's resources.

This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the ressources.

You can fix this problem if you are the owner of both domains:

Solution 1: via .htaccess

To change that, you can write this in the .htaccess of the requested domain file:

    <IfModule mod_headers.c>     Header set Access-Control-Allow-Origin "*"     </IfModule> 

If you only want to give access to one domain, the .htaccess should look like this:

    <IfModule mod_headers.c>     Header set Access-Control-Allow-Origin 'https://my-domain.tdl'     </IfModule> 

Solution 2: set headers the correct way

If you set this into the response header of the requested file, you will allow everyone to access the ressources:

Access-Control-Allow-Origin : * 

OR

Access-Control-Allow-Origin : http://www.my-domain.com 

Peace and code ;)

like image 175
TOPKAT Avatar answered Sep 19 '22 08:09

TOPKAT


in your ajax request, adding:

dataType: "jsonp", 

after line :

type: 'GET', 

should solve this problem ..

hope this help you

like image 35
Pegasus Cozza Avatar answered Sep 21 '22 08:09

Pegasus Cozza