I want to access information from same domain but with different port number, To allow this I am adding Access-Control-Allow-Origin
with the response header.
Servlet Code:(present on www.example.com:PORT_NUMBER)
String json = new Gson().toJson(list);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
response.setHeader("Access-Control-Allow-Origin", "*");//cross domain request/CORS
response.getWriter().write(json);
jQuery code:(present on www.example.com)
$.post('http://www.example.com:PORT_NUMBER/MYSERVLET',{MyParam: 'value'}).done(function(data)
{
alert(data);
});
Several times I am getting this error(in console):
XMLHttpRequest cannot load 'http://www.example.com:PORT_NUMBER/MYSERVLET'
No 'Access-Control-Allow-Origin' header is present on the requested resource.
This error mostly occures first time when $.post
gets executed. Second time it allows.
My question is that is there missing in servlet
or in jQuery
code?
Any suggestion will be appreciated.
Update1
I have changed:
response.setHeader("Access-Control-Allow-Origin", "*");
To:
response.setHeader("Access-Control-Allow-Origin", "http://www.example.com");
Then I am getting this error in console:
XMLHttpRequest cannot load http://www.example.com:PORT_NUMBER/MyServletName
The 'Access-Control-Allow-Origin' whitelists only 'http://www.example.com'
Origin 'http://www.example.com' is not in the list,
and is therefore not allowed access.
[Note: whitelist and origin are same, but still it gives error. It works sometimes, and gives above error sometimes.]
Let me know if you need anymore information.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
Solution:
Instead of using setHeader
method I have used addHeader
.
response.addHeader("Access-Control-Allow-Origin", "*");
*
in above line will allow access to all domains, For allowing access to specific domain only:
response.addHeader("Access-Control-Allow-Origin", "http://www.example.com");
For issues related to IE<=9, Please see here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With