Cross-domain requests stopped working due to no `Access-Control-Allow-Origin` header present in the response

Question

I have an error reporting beacon I created using Google Apps script and it is published to run as myself and to be accessible to "anyone, even anonymous," which should mean that X-domain requests to GAS are allowed.

However, my browsers are now indicating there is no Access-Control-Allow-Origin header on the response after the code posts to the beacon.

Am I missing something here? This used to work as recently as two months ago. So long as the GAS was published for public access, then it was setting the Access-Control-Allow-Origin header.

In Google Apps Script:

Code.gs

function doPost(data){   if(data){         //Do Something   }   return ContentService.createTextOutput("{status:'okay'}", ContentService.MimeType.JSON); } 

Client Side:

script.js

$.post(beacon_url, data, null, "json"); 

Answer 1

When making calls to a contentservice script I always have sent a callback for JSONP. Since GAS does not support CORS this is the only reliable way to ensure your app doesn't break when x-domain issues arrive.

Making a call in jQuery just add "&callback=?". It will figure everything else out.

 var url = "https://script.google.com/macros/s/{YourProjectId}/exec?offset="+offset+"&baseDate="+baseDate+"&callback=?";  $.getJSON( url,function( returnValue ){...}); 

On the server side

function doGet(e){  var callback = e.parameter.callback;  //do stuff ...  return ContentService.createTextOutput(callback+'('+ JSON.stringify(returnValue)+')').setMimeType(ContentService.MimeType.JAVASCRIPT); }