I'm trying to bring my json file into my HTML but a error Cross Domain is happening:
XMLHttpRequest cannot load http://guardioesdacidadania.com.br/game_temp/assets/js/caratulas.json?jsoncallback=. The request was redirected to 'http://www.guardioesdacidadania.com.br/game_temp/assets/js/caratulas.json?jsoncallback=', which is disallowed for cross-origin requests that require preflight.
I've tried many different solutions but none of them worked.
Here's my js code.
$.ajax({
url: 'http://guardioesdacidadania.com.br/game_temp/assets/js/caratulas.json?jsoncallback=',
headers: { 'Access-Control-Allow-Origin': '*' },
crossDomain: true,
success: function () { alert('it works') },
error: function() {alert('it doesnt work')},
datatype: 'jsonp'
});
For CORS support to work, the server must be configured to respond with the Access-Control-Allow-Origin header, sending the header with your request does nothing. You can see a bit of information on how to get this to work by visiting : Origin is not allowed by Access-Control-Allow-Origin
If you do not have access to the server, then it is not possible to do it via AJAX so you'll need to create some sort of server side proxy to relay the request through.
Related
I know this question has been asked a lot before, but I literally tried out everything but I'm still getting this error.
I'm trying to fetch json data through ajax in my index.php file.
I'm running my website through apache2 on an ubuntu server. I have no idea where to go from here.
Exact error:
Failed to load http://localhost:32348/getinfo: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
What I tried:
- Adding this to /etc/apache2/apache2.conf File
<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin: *
</ifModule>
- Adding this to in between every <Directory> tag to /etc/apache2/apache2.conf File:
Header set Access-Control-Allow-Origin "*"
- Adding this to my index.php file:
<?php
header('Access-Control-Allow-Origin: *');
?>
- Changing 'json' to 'jsonp', setting crossDomain to true and adding headers to allow origin
function fetchLiveStats() {
$.ajax({
url: api + '/getinfo',
dataType: 'jsonp',
type: 'GET',
crossDomain: true,
headers: {'Access-Control-Allow-Origin': '*'},
success: function(response) {
console.log(response);
},
cache: 'false'
}).done(function(data){
pulseLiveUpdate();
lastStats = data;
currentPage.update();
}).always(function () {
setTimeout(function() {
fetchLiveStats();
}, refreshDelay);
});
}
You need to add the Access-Control-Allow-Origin header to the response from http://localhost:32348/getinfo.
What I tried: - Adding this to /etc/apache2/apache2.conf File
Everything else you've said about your question implies that Apache was hosting the website on port 80, not the one on port 32348. You're changing the wrong server.
A website can't give itself permission to access data that another website will give the owner of the browser.
Changing 'json' to 'jsonp'
Don't use JSONP. It is a dirty hack. (It also requires that http://localhost:32348/getinfo return JSONP, which is almost certainly doesn't).
setting crossDomain to true
That just tells jQuery to not add headers it adds to Same Origin requests in case there is an HTTP redirect to a different origin. This prevents it being a complex request that needs a preflight. Since you aren't requesting a same origin URL in the first place, this does nothing.
adding headers to allow origin
You can't put response headers on the request!
Trying to will turn it into a complex request that requires a preflight, and cause you event more problems.
You need to edit whatever code is responsible for serving http://localhost:32348/getinfo
Don't forget to empty your cache (ipconfig/flushdns) and your browser cache when you try a new update, otherwise, the modifications may not be considered...
I am making an ajax request (with jquery) from my local server to a remote page (which I am the admin) and I get
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://ica.local.com' is therefore not allowed access. The response had HTTP status code 405.
This is how my request looks like:
$.ajax({
url: myurl,
type: "POST",
// This is the important part
xhrFields: {
withCredentials: true
},
// This is the important part
success: function (response) {
// handle the response
},
error: function (xhr, status) {
// handle errors
}
});
The application on the remote server is running on nginx server. I tried to change the conf file of nginx to Access-Control-Allow-Origin: * but it still doesnt work.
It is because both the machines are on different servers. For development purpose you can use chrome extensions already available to fix the purpose.
Just search 'Cross origin issue' on chrome extension page and then include one of extensions
Try to create a sample server file like php and call the remote with curl from php.
Than return the response as json to your is
I'm making an ajax call to a different domain. My team member added the Access-Control-Allow-Origin header to http://localhost:3000 .
$.ajax({
type: 'GET',
url: myurl,
beforeSend: function(xhr) {
xhr.setRequestHeader('Authorization', 'Bearer '+authorization);
},
crossDomain: true,
// xhrFields: {
// withCredentials: true
// },
contentType: 'application/json',
dataType: 'JSON',
success: function (response) {
if(time_one === 0){
main_result = response;
time_one++;
}
if(response.length==0){
alert("NO Data; Try a valid search")
$('.row3, #paging').hide();
$('.loading-gif').show();
$('#table').html('');
myCallBack(main_result);
}
else{
$('#table').html('')
myCallBack(response);
}
},
error: function(err) {
$('.loading-gif').hide();
$(".pageblocker").hide();
alert('Error: '+JSON.stringify(err));
myCallBack(main_result)
}
});
If I try this way, I'm getting 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.' I don't understand why I'm getting such type of error even after adding the ACAO header.
And I also noticed another error if I add the 'withCredentials' attribute.
'Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.' I don't understand the difference between those two errors.
The server at myurl must return the Access-Control-Allow-Origin response header.
If you don’t have access to the server environment for the myurl server to configure that server to send the Access-Control-Allow-Origin response header, then you’ll need to make the request through proxy instead. You can find more details on setting up that kind of proxy in the answer at "No 'Access-Control-Allow-Origin' header is present on the requested resource".
Anyway the fact that adding Access-Control-Allow-Origin to the http://localhost:3000 backend has no effect in this case is expected—because Access-Control-Allow-Origin is a response header that must be sent by the server a request is made to. http://localhost:3000 isn’t that—instead it’s the server serving the frontend JavaScript code that’s initiating the request.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS is the best resource for getting an understanding of how all this stuff works. Some other answers here to take a look at:
Angular 2 HTTP POST returns data but goes to error (cors)
Why isn't rack-cors filtering incoming requests, according to Rspec
Will ASP.net Core CORS policy prevent resource access from non-browser requests?
CORS is a double system checking?
I am using jQuery ajax to send request to some API. Due to the CORS policy I got a CORS error on the browser's console
Here's by code
$.ajax({
url: sendHere,//api url
type: 'GET',
contentType: 'text/plain',
crossDomain: true,
beforeSend: function(xhr){
xhr.withCredentials = true;
},
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Error
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.mywebsite.com' is therefore not allowed access.
I tried to solve this problem by installing a chrome extension to enable allow cross origin request. This extension somehow solved my problem and got a response from the api. But installing an extension is not good.
I also tried to make the request with JSONP(dataType:'jsonp') but the response given by the api is not in json format, it is string so it gives an error.
Code with JSONP
$.ajax({
url: sendHere,//api url
type: 'GET',
crossDomain: true,
dataType:'jsonp',
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Uncaught ReferenceError: E0002 is not defined
where "E0002" is the response string from the api
!!!PLEASE HELP!!!
There are 2 situations -
If you have control over the api code then
make changes in header and add your origin as well.
If you don't have control to change CORS header that is coming from
the api
you have only one option create a backend code(your own api) in any language you prefer that make an http request and get the data. now use your own api to get data on your frontend.
The cors error is cross origin request policy maintained by the browser for security.
To solve your problem either you will have to allow cors request in your server coding or if you do not have access to the server api code you will have to make the api call from your server to api server
i want to get the part of the different website page to my website content.
i have tried to do that with sending an ajax request to that webpage , but getting an cross domain access error
have any idea how to do that?
for example, i want to get this part only http://gyazo.com/600ee9facec408dd56a69c907293ebed from this website http://www.simbagames.com/en/aboutus.aspx
to my existing webpage, and put that content in my webpage content part
this is how i was tring to do that
jQuery.ajax({
type:'POST',
url: link,
crossDomain: true,
dataType: "html", // this is important
headers: { 'Access-Control-Allow-Origin': '*' },
success: function (data) {
console.log(data);
}
})
No need iframes
is that possible?
You need to add a header to response in aboutus.aspx. Or like Kasyx says, give up javascript and get with cUrl
"Access-Control-Allow-Origin: *"
Actually you cant because in addition by setting "Access-Control-Allow-Origin: *"
A server supporting CORS must respond to requests with several access control headers:
Access-Control-Allow-Origin: "*"
By default, CORS requests are not made with cookies. If the server includes this header, then we can send cookies along with our request by setting the withCredentials option to true.
Access-Control-Allow-Credentials (optional)
If we set the withCredentials option in our request to true, but the server does not respond with this header, then the request will fail and vice versa.
if server not responding you with the Access-Control-Allow-Origin: "*" then you cant fetch data
more about that