stackoom
  简体   繁体   中英

CORS header 'Access-Control-Allow-Origin' missing

 原文  2015-07-07 18:09:53       jquery/ ajax/ json/ cors/ jsonp

Question

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json . (Reason: CORS header 'Access-Control-Allow-Origin' missing). 

var url= 'http://anotherdomain/test.json';
        $.ajax({
            url: url,
            crossOrigin: true,
            type: 'GET',
            xhrFields: { withCredentials: true },
            accept: 'application/json'
        }).done(function (data) {
            alert(data);                
        }).fail(function (xhr, textStatus, error) {
            var title, message;
            switch (xhr.status) {
                case 403:
                    title = xhr.responseJSON.errorSummary;
                    message = 'Please login to your server before running the test.';
                    break;
                default:
                    title = 'Invalid URL or Cross-Origin Request Blocked';
                    message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';
                    break;
            }
        });

I've done alternate way but still unable to find the solution.

Note: I've no server rights to make server side(API/URL) changes.

8 answers

solution1
 81  2015-10-04 07:29:43

This happens generally when you try access another domain's resources.

This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the resources.

You can fix this problem if you are the owner of both domains:

Solution 1: via .htaccess

To change that, you can write this in the .htaccess of the requested domain file:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    </IfModule>

If you only want to give access to one domain, the .htaccess should look like this:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin 'https://my-domain.example'
    </IfModule>

Solution 2: set headers the correct way

If you set this into the response header of the requested file, you will allow everyone to access the resources:

Access-Control-Allow-Origin : *

OR

Access-Control-Allow-Origin : http://www.my-domain.example

solution2
 8  2016-10-04 20:16:15

in your ajax request, adding:

dataType: "jsonp",

after line :

type: 'GET',

should solve this problem ..

hope this help you

solution3
 6  2019-05-11 07:11:47

Server side put this on top of .php:

 header('Access-Control-Allow-Origin: *');

You can set specific domain restriction access:

header('Access-Control-Allow-Origin: https://www.example.com')

solution4
 0  2017-06-21 21:04:52

You have to modify your server side code, as given below

public class CorsResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,   ContainerResponseContext responseContext)
    throws IOException {
        responseContext.getHeaders().add("Access-Control-Allow-Origin","*");
        responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");

  }
}

solution5
 0  2018-04-12 13:34:47

You must have got the idea why you are getting this problem after going through above answers.

self.send_header('Access-Control-Allow-Origin', '*')

You just have to add the above line in your server side.

solution6
 0  2021-04-22 10:44:43

This worked for me:

Create php file that will download content of another domain page without using js:

<?
//file name: your_php_page.php
echo file_get_contents('http://anotherdomain/test.json');
?>

Then run it in ajax (jquery). Example:

$.ajax({
  url: your_php_page.php,
  //optional data might be usefull
  //type: 'GET',
  //dataType: "jsonp", 
  //dataType: 'xml',
  context: document.body
}).done(function(data) {

  alert("data");
  
});

solution7
 0  2021-12-11 18:12:25

If you are using Express js in backend you can install the package cors, and then use it in your server like this :

const cors = require("cors");
app.use(cors());

This fixed my issue

solution8
 -1  2021-09-11 09:45:34

in your chrome browser

first go to chrome web store and search Moesif Origin & CORS Changer link and click add Chrome 图片1 and click extensions and click on图像2

solution9
 -3  2021-05-30 13:24:55

In a pinch, you can use this Chrome Extension to disable CORS on your local browser.

Allow CORS: Access-Control-Allow-Origin Chrome Extension

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question (Reason: CORS header ‘Access-Control-Allow-Origin’ missing) Apache : CORS header 'Access-Control-Allow-Origin' missing Cross-Origin Request Blocked: & Reason: CORS header 'Access-Control-Allow-Origin' missing Why I get Reason: CORS header 'Access-Control-Allow-Origin' missing while data is returned successfully CORS header 'Access-Control-Allow-Origin' missing only in browser/jquery but OK with curl Cors access-control-allow-origin header not present CORS Error : No 'Access-Control-Allow-Origin' header is present CORS “No 'Access-Control-Allow-Origin' header is present” yet there is Cors header “Access-control-allow-origin” blocked Api Response Jquery + CORS+ Basic Auth with Access-Control-Allow-Origin header: No 'Access-Control-Allow-Origin' header is present on the requested resource
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM