Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

No Access-Control-Allow-Origin header is present on the requested resource

I want to access information from same domain but with different port number, To allow this I am adding Access-Control-Allow-Origin with the response header.

Servlet Code:(present on www.example.com:PORT_NUMBER)

String json = new Gson().toJson(list);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
response.setHeader("Access-Control-Allow-Origin", "*");//cross domain request/CORS
response.getWriter().write(json);

jQuery code:(present on www.example.com)

$.post('http://www.example.com:PORT_NUMBER/MYSERVLET',{MyParam: 'value'}).done(function(data)
{
    alert(data);
});

Several times I am getting this error(in console):

XMLHttpRequest cannot load 'http://www.example.com:PORT_NUMBER/MYSERVLET'
No 'Access-Control-Allow-Origin' header is present on the requested resource.

This error mostly occures first time when $.post gets executed. Second time it allows.

My question is that is there missing in servlet or in jQuery code?

Any suggestion will be appreciated.

Update1

I have changed:

response.setHeader("Access-Control-Allow-Origin", "*");

To:

response.setHeader("Access-Control-Allow-Origin", "http://www.example.com");

Then I am getting this error in console:

XMLHttpRequest cannot load http://www.example.com:PORT_NUMBER/MyServletName
The 'Access-Control-Allow-Origin' whitelists only 'http://www.example.com'
Origin 'http://www.example.com' is not in the list,
and is therefore not allowed access.

[Note: whitelist and origin are same, but still it gives error. It works sometimes, and gives above error sometimes.]

Let me know if you need anymore information.

like image 219
Bhushan Avatar asked Jan 02 '14 11:01

Bhushan


People also ask

How do I fix CORS header Access-Control allow Origin missing?

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.


1 Answers

Solution:
Instead of using setHeader method I have used addHeader.

response.addHeader("Access-Control-Allow-Origin", "*");

* in above line will allow access to all domains, For allowing access to specific domain only:

response.addHeader("Access-Control-Allow-Origin", "http://www.example.com");

For issues related to IE<=9, Please see here.

like image 174
Bhushan Avatar answered Oct 21 '22 00:10

Bhushan