Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

javascript - Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin

I'm making a simple gallery that takes the photos from a picasa account with html + javascript.

First, gets the list of albums and then, for each album, gets the list of photos. The first query works fine, but the others returns this error in the Browser (Chrome):

GET https://picasaweb.google.com/data/entry/base/user/114476218463019618611/albumid/5750459375839674337?alt=json&hl=en_US 404 (Not Found) jquery.js:8240 XMLHttpRequest cannot load https://picasaweb.google.com/data/entry/base/user/114476218463019618611/albumid/5750459375839674337?alt=json&hl=en_US. Origin file:// is not allowed by Access-Control-Allow-Origin.

This is the code:

           var json_Album_URI = "https://picasaweb.google.com/data/feed/base/"
                + "user/"       +   username
                + "?alt="       +   "json"
                + "&kind="      +   "album"
                + "&hl="        +   "en_US"
                + "&fields="    +   "entry(media:group,id)"
                + "&thumbsize=" +   104
                + "&authkey="   +   authkey;

            $.ajax({
                    type: 'GET',
                    url: json_Album_URI,
                    success : function(resp) {
                            albums = resp.feed.entry;
                    },
                    dataType: 'json',
                    async: false
            });
            for (var id in albums) {
                    var album = albums[id];
                    var album_ID = album.id.$t.split('/')[9].split('?')[0];
                    var json_Photo_URI = "https://picasaweb.google.com/data/feed/base/"
                            + "user/"       +   username
                            + "/albumid/"   +   album_ID
                            + "?alt="       +   "json"
                            + "&kind="      +   "photo"
                            + "&hl="        +   "en_US"
                            + "&fields="    +   "entry(media:group)"
                            + "&thumbsize=" +   104
                            + "&authkey="   +   authkey;
                    //this is the ajax call that fails
                    $.ajax( {
                            type: 'GET',
                            url: json_Photo_URI,
                            success: function(photos) {
                                    console.log(photos);
                            },
                            dataType: "json",
                            async: false,
                    });
            }

Thanks.

EDIT:

I notica that if I remove the line:

                            + "/albumid/"   +   album_ID

works (of course, without the expected response).

like image 578
user1439797 Avatar asked Jun 06 '12 12:06

user1439797


People also ask

How do I enable CORS in localhost?

1. Use the proxy setting in Create React App. "proxy": "https://cat-fact.herokuapp.com/", Now when you make an API request to https://localhost:3000/api/facts Create React App will proxy the API request to https://cat-fact.herokuapp.com/facts and the CORS error will be resolved.

How do you fix a CORS error?

To get rid of a CORS error, you can download a browser extension like CORS Unblock ↗. The extension appends Access-Control-Allow-Origin: * to every HTTP response when it is enabled. It can also add custom Access-Control-Allow-Origin and Access-Control-Allow-Methods headers to the responses.

How do I fix not allowed by Access-Control allow origin?

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard.

How do I give Access-Control allow origin?

Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, set the Access-Control-Allow-Origin value to the same value as ...


1 Answers

It looks like CORS is to blame. Picasa's header responses differ between those two requests. It succeeds when they include access-control-allow-origin:*.

Picasa includes it in: https://picasaweb.google.com/data/entry/base/user/114476218463019618611?alt=json&hl=en_US

But not in: https://picasaweb.google.com/data/entry/base/user/114476218463019618611/albumid/5750459375839674337?alt=json&hl=en_US

like image 142
Nate Barr Avatar answered Oct 18 '22 22:10

Nate Barr