Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

XMLHttpRequest cannot load.?

Tags:

I by chrome->Inspect element->console get this error:

XMLHttpRequest cannot load. Origin is not allowed by Access-Control-Allow-Origin.

What is this resolved?

like image 485
Kate Thompson Avatar asked Aug 23 '11 07:08

Kate Thompson


People also ask

How do I resolve access to XMLHttpRequest?

In simple words, this error occurs when we try to access a domain/resource from another domain. To fix this, if you have access to the other domain, you will have to allow Access-Control-Allow-Origin in the server. This can be added in the headers. You can enable this for all the requests/domains or a specific domain.

How do I fix a blocked CORS policy?

Use a Chrome extension to add Access-Control-Allow-Origin header into every response. To find one of them, just head over to Chrome Webstore and type in "CORS", dozens will show up in the search result. Or you can install CORS Helper, CORS Unblock or dyna CORS right away.

Does XMLHttpRequest support CORS?

The CORS mechanism supports secure cross-origin requests and data transfers between browsers and servers. Modern browsers use CORS in APIs such as XMLHttpRequest or Fetch to mitigate the risks of cross-origin HTTP requests.

What is CORS policy no access-control-allow-origin?

To allow any site to make CORS requests without using the * wildcard (for example, to enable credentials), your server must read the value of the request's Origin header and use that value to set Access-Control-Allow-Origin , and must also set a Vary: Origin header to indicate that some headers are being set ...


2 Answers

You cannot issue requests through the XMLHttpRequest to other domains or subdomains. If you are issuing the request from www.foo.com you also need to target the request at www.foo.com and not leave out the www.

If you really need to hit another domain you can use JsonP where the browser utilizes the <script> tags ability to load scripts from a different domain. The loaded script then executes a callback function to give you the data. But for regular AJAX calls you cannot leave the source domain at all.

See the Wiki article on Same Origin Policy

like image 151
Tigraine Avatar answered Sep 28 '22 10:09

Tigraine


one work around is using Korz which routes all cross origin requests through a third party and sets Access-Control-Allow-Origin header to '*' so the request goes through.

like image 39
yonatan Avatar answered Sep 28 '22 11:09

yonatan