Mixing
Origin is not allowed by Access-Control-Allow-Origin
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
119
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?
javascript node.js ajax
google-chrome cors edited Feb 16 at 10:45
sideshowbarker
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
add a comment |
119
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?
javascript node.js ajax
google-chrome cors edited Feb 16 at 10:45
sideshowbarker
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50
add a comment |
119
119
119
36
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?
javascript node.js ajax
google-chrome cors edited Feb 16 at 10:45
sideshowbarker
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?
javascript node.js ajax
google-chrome cors javascript node.js ajax
google-chrome cors edited Feb 16 at 10:45
sideshowbarker
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
edited Feb 16 at 10:45
sideshowbarker
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
edited Feb 16 at 10:45
sideshowbarker
34k168399
edited Feb 16 at 10:45
sideshowbarker
34k168399
edited Feb 16 at 10:45
sideshowbarker
34k168399
34k168399
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
asked Sep 5 '13 at 17:50
bsrbsr
21.9k66183273
21.9k66183273
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50
add a comment |
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50
add a comment |
11 Answers
11
active
oldest
votes
131
Since they are running on different ports, they are different JavaScript origin. It doesn't matter that they are on the same machine/hostname.
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
Or, for simplicity:
Access-Control-Allow-Origin: *
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the givenAccess-Control-Allow-Originheader needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends anOPTIONSrequest before it, and if the server's response to thatOPTIONSrequest does not contain the header, the browser will not send your desired request.
– AjaxLeung
Nov 19 '18 at 5:34
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
|
show 2 more comments
44
If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header
Chrome Extension Allow-Control-Allow-Origin: *
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
|
show 1 more comment
42
You have to enable CORS to solve this
if your app is created with simple node.js
set it in your response headers like
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE'
});
response.end('Hello Worldn');
}).listen(3000);
if your app is created with express framework
use a CORS middleware like
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', "*");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
next();
}
and apply via
app.configure(function() {
app.use(allowCrossDomain);
//some other code
});
Here are two reference links
- how-to-allow-cors-in-express-nodejs
diving-into-node-js-very-first-app #see the Ajax section
edited May 23 '17 at 11:55
Community♦
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
can you please specify, how to useconfig.allowedDomains. say in my case what uri should I put there?
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use*or thespecific domainyou want to give access to.
– mithunsatheesh
Sep 5 '13 at 18:19
1
so am I the only one gettingapp.configure()is not a function error?
– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
add a comment |
6
I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these
"Access-Control-Allow-Origin" -> "*"
"Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept"
setting only "Access-Control-Allow-Origin" gave error
Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
Also, if auth token needs to be sent, add this too
"Access-Control-Allow-Credentials" -> "true"
Also, at client, set withCredentials
this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
add a comment |
3
I was facing a problem while calling cross origin resource using ajax from chrome.
I have used node js and local http server to deploy my node js app.
I was getting error response, when I access cross origin resource
I found one solution on that ,
1) I have added below code to my app.js file
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
2) In my html page called cross origin resource using $.getJSON();
$.getJSON("http://localhost:3000/users", function (data) {
alert("*******Success*********");
var response=JSON.stringify(data);
alert("success="+response);
document.getElementById("employeeDetails").value=response;
});
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
add a comment |
2
In router.js just add code before calling get/post methods. It works for me without errors.
//Importing modules @Brahmmeswar
const express = require('express');
const router = express.Router();
const Contact = require('../models/contacts');
router.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
add a comment |
1
Add this to your NodeJS Server below imports:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
add a comment |
1
I finally got the answer for apache Tomcat8
You have to edit the tomcat web.xml file.
probabily it will be inside webapps folder,
sudo gedit /opt/tomcat/webapps/your_directory/WEB-INF/web.xml
find it and edit it
<web-app>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
This will allow Access-Control-Allow-Origin all hosts.
If you need to change it from all hosts to only your host you can edit the
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:3000</param-value>
above code from * to your http://your_public_IP or http://www.example.com
you can refer here Tomcat filter documentation
Thanks
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
add a comment |
1
If you got 403 after that please reduce filters in WEB.XML tomcat config to the following:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
add a comment |
1
If you are using express, you can use cors middleware as follows:
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
add a comment |
0
use dataType: 'jsonp', works for me.
async function get_ajax_data(){
var _reprojected_lat_lng = await $.ajax({
type: 'GET',
dataType: 'jsonp',
data: {},
url: _reprojection_url,
error: function (jqXHR, textStatus, errorThrown) {
console.log(jqXHR)
},
success: function (data) {
console.log(data);
// note: data is already json type, you just specify dataType: jsonp
return data;
}
});
} // function
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f18642828%2forigin-origin-is-not-allowed-by-access-control-allow-origin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
11 Answers
11
active
oldest
votes
11 Answers
11
active
oldest
votes
active
oldest
votes
active
oldest
votes
131
Since they are running on different ports, they are different JavaScript origin. It doesn't matter that they are on the same machine/hostname.
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
Or, for simplicity:
Access-Control-Allow-Origin: *
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the givenAccess-Control-Allow-Originheader needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends anOPTIONSrequest before it, and if the server's response to thatOPTIONSrequest does not contain the header, the browser will not send your desired request.
– AjaxLeung
Nov 19 '18 at 5:34
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
|
show 2 more comments
131
Since they are running on different ports, they are different JavaScript origin. It doesn't matter that they are on the same machine/hostname.
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
Or, for simplicity:
Access-Control-Allow-Origin: *
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the givenAccess-Control-Allow-Originheader needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends anOPTIONSrequest before it, and if the server's response to thatOPTIONSrequest does not contain the header, the browser will not send your desired request.
– AjaxLeung
Nov 19 '18 at 5:34
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
|
show 2 more comments
131
131
131
Since they are running on different ports, they are different JavaScript origin. It doesn't matter that they are on the same machine/hostname.
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
Or, for simplicity:
Access-Control-Allow-Origin: *
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
Since they are running on different ports, they are different JavaScript origin. It doesn't matter that they are on the same machine/hostname.
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
Or, for simplicity:
Access-Control-Allow-Origin: *
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
edited Sep 29 '17 at 10:48
Mikko Rantalainen
6,08753968
6,08753968
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
answered Sep 5 '13 at 17:59
Rocket HazmatRocket Hazmat
170k31247299
170k31247299
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the givenAccess-Control-Allow-Originheader needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends anOPTIONSrequest before it, and if the server's response to thatOPTIONSrequest does not contain the header, the browser will not send your desired request.
– AjaxLeung
Nov 19 '18 at 5:34
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
|
show 2 more comments
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the givenAccess-Control-Allow-Originheader needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends anOPTIONSrequest before it, and if the server's response to thatOPTIONSrequest does not contain the header, the browser will not send your desired request.
– AjaxLeung
Nov 19 '18 at 5:34
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
if we want to add this header into an HTML then what should we do for it?
– Azam Alvi
Oct 30 '13 at 16:42
1
1
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
I didn't think that port was necessary but if you're using a non-standard port such as 3000 you have to include it in the CORS policy.
– Michael Connor
Jun 26 '15 at 21:41
4
4
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
Thanks for this response. Just wanna highlight the security implications of using '*' as the value here. This allows all origins: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/… Seems like the first example would be best in terms of least access. Details about how to do this with multiple domains here: stackoverflow.com/a/1850482/1566623
– Christopher Kuttruff
May 19 '18 at 7:37
3
3
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the given
Access-Control-Allow-Origin header needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends an OPTIONS request before it, and if the server's response to that OPTIONS request does not contain the header, the browser will not send your desired request.– AjaxLeung
Nov 19 '18 at 5:34
For clarity's sake, when it is said that you need to "add an HTTP header to the server", this means that the given
Access-Control-Allow-Origin header needs to be an added header to HTTP responses that the server sends. This header needs to be part of the server's response, it does not need to be part of the client's request. Specifically what happens is before the client makes the actual request you want, the browser sends an OPTIONS request before it, and if the server's response to that OPTIONS request does not contain the header, the browser will not send your desired request.– AjaxLeung
Nov 19 '18 at 5:34
1
1
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
It is important to read the relevant tips for your backend servers at enable-cors.org.
– Karlth
Jan 3 at 14:12
|
show 2 more comments
44
If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header
Chrome Extension Allow-Control-Allow-Origin: *
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
|
show 1 more comment
44
If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header
Chrome Extension Allow-Control-Allow-Origin: *
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
|
show 1 more comment
44
44
44
If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header
Chrome Extension Allow-Control-Allow-Origin: *
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header
Chrome Extension Allow-Control-Allow-Origin: *
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
answered Jun 15 '16 at 15:54
Billy BakerBilly Baker
48247
48247
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
|
show 1 more comment
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
3
3
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
I don't know why you're not getting more upvotes. This is the least intrusive for development on localhost with Chrome.
– David Betz
Oct 22 '16 at 14:52
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
definitely agree. Easy to enable for localhost dev against a remote server without having to change the config for the remote server.
– Jens Wegar
May 16 '17 at 11:08
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
@DavidBetz: considering you verify the extension and trust it, of course ;)
– haylem
Jun 14 '17 at 13:45
1
1
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
THIS SHOULD BE THE TOP ANSWER! Especially where localhost is concerned.
– Mr. Benedict
Aug 24 '17 at 11:29
3
3
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
If this was a good solution, CORS would not have been invented in the first place. Applying this header to any host disable the CORS protection and exposes you to malicious scripts, not just yours. Don't be surprised if your bank account is suddenly empty.
– dolmen
Sep 21 '18 at 12:41
|
show 1 more comment
42
You have to enable CORS to solve this
if your app is created with simple node.js
set it in your response headers like
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE'
});
response.end('Hello Worldn');
}).listen(3000);
if your app is created with express framework
use a CORS middleware like
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', "*");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
next();
}
and apply via
app.configure(function() {
app.use(allowCrossDomain);
//some other code
});
Here are two reference links
- how-to-allow-cors-in-express-nodejs
diving-into-node-js-very-first-app #see the Ajax section
edited May 23 '17 at 11:55
Community♦
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
can you please specify, how to useconfig.allowedDomains. say in my case what uri should I put there?
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use*or thespecific domainyou want to give access to.
– mithunsatheesh
Sep 5 '13 at 18:19
1
so am I the only one gettingapp.configure()is not a function error?
– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
add a comment |
42
You have to enable CORS to solve this
if your app is created with simple node.js
set it in your response headers like
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE'
});
response.end('Hello Worldn');
}).listen(3000);
if your app is created with express framework
use a CORS middleware like
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', "*");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
next();
}
and apply via
app.configure(function() {
app.use(allowCrossDomain);
//some other code
});
Here are two reference links
- how-to-allow-cors-in-express-nodejs
diving-into-node-js-very-first-app #see the Ajax section
edited May 23 '17 at 11:55
Community♦
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
can you please specify, how to useconfig.allowedDomains. say in my case what uri should I put there?
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use*or thespecific domainyou want to give access to.
– mithunsatheesh
Sep 5 '13 at 18:19
1
so am I the only one gettingapp.configure()is not a function error?
– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
add a comment |
42
42
42
You have to enable CORS to solve this
if your app is created with simple node.js
set it in your response headers like
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE'
});
response.end('Hello Worldn');
}).listen(3000);
if your app is created with express framework
use a CORS middleware like
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', "*");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
next();
}
and apply via
app.configure(function() {
app.use(allowCrossDomain);
//some other code
});
Here are two reference links
- how-to-allow-cors-in-express-nodejs
diving-into-node-js-very-first-app #see the Ajax section
edited May 23 '17 at 11:55
Community♦
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
You have to enable CORS to solve this
if your app is created with simple node.js
set it in your response headers like
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE'
});
response.end('Hello Worldn');
}).listen(3000);
if your app is created with express framework
use a CORS middleware like
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', "*");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
next();
}
and apply via
app.configure(function() {
app.use(allowCrossDomain);
//some other code
});
Here are two reference links
- how-to-allow-cors-in-express-nodejs
diving-into-node-js-very-first-app #see the Ajax section
edited May 23 '17 at 11:55
Community♦
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
edited May 23 '17 at 11:55
Community♦
11
edited May 23 '17 at 11:55
Community♦
11
edited May 23 '17 at 11:55
Community♦
11
11
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
answered Sep 5 '13 at 18:08
mithunsatheeshmithunsatheesh
20.8k126288
20.8k126288
can you please specify, how to useconfig.allowedDomains. say in my case what uri should I put there?
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use*or thespecific domainyou want to give access to.
– mithunsatheesh
Sep 5 '13 at 18:19
1
so am I the only one gettingapp.configure()is not a function error?
– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
add a comment |
can you please specify, how to useconfig.allowedDomains. say in my case what uri should I put there?
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use*or thespecific domainyou want to give access to.
– mithunsatheesh
Sep 5 '13 at 18:19
1
so am I the only one gettingapp.configure()is not a function error?
– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
can you please specify, how to use
config.allowedDomains . say in my case what uri should I put there?– bsr
Sep 5 '13 at 18:15
can you please specify, how to use
config.allowedDomains . say in my case what uri should I put there?– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
btw, I use express
– bsr
Sep 5 '13 at 18:15
@bsr : you can use
* or the specific domain you want to give access to.– mithunsatheesh
Sep 5 '13 at 18:19
@bsr : you can use
* or the specific domain you want to give access to.– mithunsatheesh
Sep 5 '13 at 18:19
1
1
so am I the only one getting
app.configure() is not a function error?– Pramesh Bajracharya
Nov 22 '17 at 9:40
so am I the only one getting
app.configure() is not a function error?– Pramesh Bajracharya
Nov 22 '17 at 9:40
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
@PrameshBajrachaya I didn't include the "app.configure" part -- only "app.use(allowCrossDomain)", and it worked for me.
– Giorgos Sfikas
Mar 24 '18 at 18:55
add a comment |
6
I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these
"Access-Control-Allow-Origin" -> "*"
"Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept"
setting only "Access-Control-Allow-Origin" gave error
Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
Also, if auth token needs to be sent, add this too
"Access-Control-Allow-Credentials" -> "true"
Also, at client, set withCredentials
this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
add a comment |
6
I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these
"Access-Control-Allow-Origin" -> "*"
"Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept"
setting only "Access-Control-Allow-Origin" gave error
Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
Also, if auth token needs to be sent, add this too
"Access-Control-Allow-Credentials" -> "true"
Also, at client, set withCredentials
this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
add a comment |
6
6
6
I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these
"Access-Control-Allow-Origin" -> "*"
"Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept"
setting only "Access-Control-Allow-Origin" gave error
Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
Also, if auth token needs to be sent, add this too
"Access-Control-Allow-Credentials" -> "true"
Also, at client, set withCredentials
this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these
"Access-Control-Allow-Origin" -> "*"
"Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept"
setting only "Access-Control-Allow-Origin" gave error
Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
Also, if auth token needs to be sent, add this too
"Access-Control-Allow-Credentials" -> "true"
Also, at client, set withCredentials
this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
edited Sep 6 '13 at 0:55
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
answered Sep 5 '13 at 18:42
bsrbsr
21.9k66183273
21.9k66183273
add a comment |
add a comment |
3
I was facing a problem while calling cross origin resource using ajax from chrome.
I have used node js and local http server to deploy my node js app.
I was getting error response, when I access cross origin resource
I found one solution on that ,
1) I have added below code to my app.js file
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
2) In my html page called cross origin resource using $.getJSON();
$.getJSON("http://localhost:3000/users", function (data) {
alert("*******Success*********");
var response=JSON.stringify(data);
alert("success="+response);
document.getElementById("employeeDetails").value=response;
});
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
add a comment |
3
I was facing a problem while calling cross origin resource using ajax from chrome.
I have used node js and local http server to deploy my node js app.
I was getting error response, when I access cross origin resource
I found one solution on that ,
1) I have added below code to my app.js file
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
2) In my html page called cross origin resource using $.getJSON();
$.getJSON("http://localhost:3000/users", function (data) {
alert("*******Success*********");
var response=JSON.stringify(data);
alert("success="+response);
document.getElementById("employeeDetails").value=response;
});
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
add a comment |
3
3
3
I was facing a problem while calling cross origin resource using ajax from chrome.
I have used node js and local http server to deploy my node js app.
I was getting error response, when I access cross origin resource
I found one solution on that ,
1) I have added below code to my app.js file
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
2) In my html page called cross origin resource using $.getJSON();
$.getJSON("http://localhost:3000/users", function (data) {
alert("*******Success*********");
var response=JSON.stringify(data);
alert("success="+response);
document.getElementById("employeeDetails").value=response;
});
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
I was facing a problem while calling cross origin resource using ajax from chrome.
I have used node js and local http server to deploy my node js app.
I was getting error response, when I access cross origin resource
I found one solution on that ,
1) I have added below code to my app.js file
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
2) In my html page called cross origin resource using $.getJSON();
$.getJSON("http://localhost:3000/users", function (data) {
alert("*******Success*********");
var response=JSON.stringify(data);
alert("success="+response);
document.getElementById("employeeDetails").value=response;
});
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
edited Oct 18 '14 at 17:17
brasofilo
21.9k1071143
21.9k1071143
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
answered Aug 7 '14 at 11:47
ChaitanyaChaitanya
514
514
add a comment |
add a comment |
2
In router.js just add code before calling get/post methods. It works for me without errors.
//Importing modules @Brahmmeswar
const express = require('express');
const router = express.Router();
const Contact = require('../models/contacts');
router.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
add a comment |
2
In router.js just add code before calling get/post methods. It works for me without errors.
//Importing modules @Brahmmeswar
const express = require('express');
const router = express.Router();
const Contact = require('../models/contacts');
router.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
add a comment |
2
2
2
In router.js just add code before calling get/post methods. It works for me without errors.
//Importing modules @Brahmmeswar
const express = require('express');
const router = express.Router();
const Contact = require('../models/contacts');
router.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
In router.js just add code before calling get/post methods. It works for me without errors.
//Importing modules @Brahmmeswar
const express = require('express');
const router = express.Router();
const Contact = require('../models/contacts');
router.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
answered Oct 2 '18 at 4:13
Brahmmeswara Rao PalepuBrahmmeswara Rao Palepu
613
613
add a comment |
add a comment |
1
Add this to your NodeJS Server below imports:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
add a comment |
1
Add this to your NodeJS Server below imports:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
add a comment |
1
1
1
Add this to your NodeJS Server below imports:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
Add this to your NodeJS Server below imports:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
answered Apr 17 '18 at 19:47
Ryan CocuzzoRyan Cocuzzo
1,11921539
1,11921539
add a comment |
add a comment |
1
I finally got the answer for apache Tomcat8
You have to edit the tomcat web.xml file.
probabily it will be inside webapps folder,
sudo gedit /opt/tomcat/webapps/your_directory/WEB-INF/web.xml
find it and edit it
<web-app>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
This will allow Access-Control-Allow-Origin all hosts.
If you need to change it from all hosts to only your host you can edit the
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:3000</param-value>
above code from * to your http://your_public_IP or http://www.example.com
you can refer here Tomcat filter documentation
Thanks
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
add a comment |
1
I finally got the answer for apache Tomcat8
You have to edit the tomcat web.xml file.
probabily it will be inside webapps folder,
sudo gedit /opt/tomcat/webapps/your_directory/WEB-INF/web.xml
find it and edit it
<web-app>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
This will allow Access-Control-Allow-Origin all hosts.
If you need to change it from all hosts to only your host you can edit the
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:3000</param-value>
above code from * to your http://your_public_IP or http://www.example.com
you can refer here Tomcat filter documentation
Thanks
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
add a comment |
1
1
1
I finally got the answer for apache Tomcat8
You have to edit the tomcat web.xml file.
probabily it will be inside webapps folder,
sudo gedit /opt/tomcat/webapps/your_directory/WEB-INF/web.xml
find it and edit it
<web-app>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
This will allow Access-Control-Allow-Origin all hosts.
If you need to change it from all hosts to only your host you can edit the
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:3000</param-value>
above code from * to your http://your_public_IP or http://www.example.com
you can refer here Tomcat filter documentation
Thanks
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
I finally got the answer for apache Tomcat8
You have to edit the tomcat web.xml file.
probabily it will be inside webapps folder,
sudo gedit /opt/tomcat/webapps/your_directory/WEB-INF/web.xml
find it and edit it
<web-app>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
This will allow Access-Control-Allow-Origin all hosts.
If you need to change it from all hosts to only your host you can edit the
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:3000</param-value>
above code from * to your http://your_public_IP or http://www.example.com
you can refer here Tomcat filter documentation
Thanks
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
answered May 2 '18 at 9:10
Shinto JosephShinto Joseph
534513
534513
add a comment |
add a comment |
1
If you got 403 after that please reduce filters in WEB.XML tomcat config to the following:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
add a comment |
1
If you got 403 after that please reduce filters in WEB.XML tomcat config to the following:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
add a comment |
1
1
1
If you got 403 after that please reduce filters in WEB.XML tomcat config to the following:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
If you got 403 after that please reduce filters in WEB.XML tomcat config to the following:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
answered Sep 29 '18 at 11:43
Farbod AprinFarbod Aprin
515
515
add a comment |
add a comment |
1
If you are using express, you can use cors middleware as follows:
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
add a comment |
1
If you are using express, you can use cors middleware as follows:
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
add a comment |
1
1
1
If you are using express, you can use cors middleware as follows:
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
If you are using express, you can use cors middleware as follows:
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
answered Feb 16 at 9:50
Akalanka WeerasooriyaAkalanka Weerasooriya
623
623
add a comment |
add a comment |
0
use dataType: 'jsonp', works for me.
async function get_ajax_data(){
var _reprojected_lat_lng = await $.ajax({
type: 'GET',
dataType: 'jsonp',
data: {},
url: _reprojection_url,
error: function (jqXHR, textStatus, errorThrown) {
console.log(jqXHR)
},
success: function (data) {
console.log(data);
// note: data is already json type, you just specify dataType: jsonp
return data;
}
});
} // function
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
add a comment |
0
use dataType: 'jsonp', works for me.
async function get_ajax_data(){
var _reprojected_lat_lng = await $.ajax({
type: 'GET',
dataType: 'jsonp',
data: {},
url: _reprojection_url,
error: function (jqXHR, textStatus, errorThrown) {
console.log(jqXHR)
},
success: function (data) {
console.log(data);
// note: data is already json type, you just specify dataType: jsonp
return data;
}
});
} // function
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
add a comment |
0
0
0
use dataType: 'jsonp', works for me.
async function get_ajax_data(){
var _reprojected_lat_lng = await $.ajax({
type: 'GET',
dataType: 'jsonp',
data: {},
url: _reprojection_url,
error: function (jqXHR, textStatus, errorThrown) {
console.log(jqXHR)
},
success: function (data) {
console.log(data);
// note: data is already json type, you just specify dataType: jsonp
return data;
}
});
} // function
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
use dataType: 'jsonp', works for me.
async function get_ajax_data(){
var _reprojected_lat_lng = await $.ajax({
type: 'GET',
dataType: 'jsonp',
data: {},
url: _reprojection_url,
error: function (jqXHR, textStatus, errorThrown) {
console.log(jqXHR)
},
success: function (data) {
console.log(data);
// note: data is already json type, you just specify dataType: jsonp
return data;
}
});
} // function
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
answered Sep 28 '18 at 19:18
hoogwhoogw
1,4661615
1,4661615
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f18642828%2forigin-origin-is-not-allowed-by-access-control-allow-origin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
A faster solution can be found here: stackoverflow.com/a/21622564/4455570
– Gabriel Wamunyu
May 30 '17 at 18:50