I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
var url= 'http://anotherdomain/test.json'; $.ajax({ url: url, crossOrigin: true, type: 'GET', xhrFields: { withCredentials: true }, accept: 'application/json' }).done(function (data) { alert(data); }).fail(function (xhr, textStatus, error) { var title, message; switch (xhr.status) { case 403: title = xhr.responseJSON.errorSummary; message = 'Please login to your server before running the test.'; break; default: title = 'Invalid URL or Cross-Origin Request Blocked'; message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.'; break; } });
I've done alternate way but still unable to find the solution.
Note: I've no server rights to make server side(API/URL) changes.
Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, set the Access-Control-Allow-Origin value to the same value as ...
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy.
This happens generally when you try access another domain's resources.
This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).
The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the ressources.
You can fix this problem if you are the owner of both domains:
To change that, you can write this in the .htaccess of the requested domain file:
<IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>
If you only want to give access to one domain, the .htaccess should look like this:
<IfModule mod_headers.c> Header set Access-Control-Allow-Origin 'https://my-domain.tdl' </IfModule>
If you set this into the response header of the requested file, you will allow everyone to access the ressources:
Access-Control-Allow-Origin : *
OR
Access-Control-Allow-Origin : http://www.my-domain.com
Peace and code ;)
in your ajax request, adding:
dataType: "jsonp",
after line :
type: 'GET',
should solve this problem ..
hope this help you
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With