Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get around: No 'Access-Control-Allow-Origin' header is present on the requested resource

Tags:

ember.js

ember-data

I have to deal with a RESTful server which is not under my control. When I try to fetch the ID 1 record from it this is the error I get:

XMLHttpRequest cannot load http://www.example.com/api/v1/companies/1.
No 'Access-Control-Allow-Origin' header is present on the requested 
resource. Origin 'http://localhost:4200' is therefore not allowed 
access.

I can curl it on the shell:

$ curl -I http://www.company.com/api/v1/companies/1
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11055
Content-Type: application/javascript
Last-Modified: Thu, 18 Jun 2015 07:30:26 GMT
Accept-Ranges: bytes
ETag: "5e772a598a9d01:0"
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP LAW CURa ADMa DEVa CUSi OUR LEG UNI"
Date: Fri, 19 Jun 2015 13:06:46 GMT
$

I use the following contentSecurityPolicy:

contentSecurityPolicy: {
  'default-src': "'none'",
  'script-src': "'self'",
  'font-src': "'self'",
  'connect-src': "'self' http://www.example.com",
  'img-src': "'self'",
  'style-src': "'self'",
  'media-src': "'self'"
}

How can I fix this? How can I tell Ember to just use it?

like image 803
wintermeyer Avatar asked Jun 19 '15 13:06

wintermeyer

1 Answers

Setting contentSecurityPolicy allows the browser to actually make the request from http://localhost:4200 to http://www.example.com.

If you didn't have this set, you would be seeing an error like:

[Report Only] Refused to connect to 'http://www.example.com/' because it violates the following Content Security Policy directive: "connect-src 'self' http://localhost:* ws://localhost:* ws://localhost:35729 ws://0.0.0.0:35729".

After doing the request, if http://www.example.com doesn't contain a particular header that actually allows http://localhost:4200 to make these requests, the browser throws an error..

For more information take a look at this question: How does Access-Control-Allow-Origin header work?

If you're using Ember CLI for development you can proxy all ajax requests to http://www.example.com/ using:

ember server --proxy http://www.example.com/

But this doesn't solve your problem when moving to production. You will need some other solution for that.

like image 81
jmurphyau Avatar answered Oct 05 '22 05:10

jmurphyau
Sign in to Comment

Related questions

What's the purpose of ArrayController and ArrayProxy?
How to communicate between controllers in Ember.js
Access current route name from a controller or component
transition after saving model of ember data
Model reloading with Ember Data
Sort content of ArrayController
Ember.js - "Cannot perform operations on a Metamorph that is not in the DOM" caused by template
testing ember.js connectOutlet
Class inheritance in Ember Data hasMany associations
Ember.js / Rails and associations: how to submit back to Rails a record and its associations?
Call method from other method within Ember Service
Resolving Ember and Dragula's view of the DOM
return single record with ember-data find() and multiple params
Failed to find a valid digest in the 'integrity' attribute for resource on a deployed emberjs application
emberjs get all form fields / values at once
Programmatically create new routes in Ember
link-to action parameters are not working in ember js
Ember Data does not allow duplicate entries in hasMany relationships

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!