No 'Access-Control-Allow-Origin' header is present on the requested resource

Sorry_Duh · April 28, 2021, 10:47pm

Will the meta heads do anything a few suggested it it they do where do I put them?

patrick · April 29, 2021, 8:04am

Meta tags will not help with CORS. The .htaccess suggestion works, but only if you have an apache webserver which you probably don’t use when using node.

Did the restart work, what is the contents of the config.json? (remove/hide the secret for security reasons)

Sorry_Duh · April 29, 2021, 11:22am

{
  "debug": true,
  "secret": "SECRETRREMOVED",
  "cors": {
    "origin": "*",
    "methods": "GET,POST,PUT,PATCH,DELETE"
  }
}

Restart did nothing and I think my server is Apache I may be wrong.

Sorry_Duh · April 30, 2021, 3:45pm

I’d just like to thanks everyone for there patience on this issue it was my first time with CORS and wanted to make sure I set it up right before attempting a new host (my old one wasn’t very helpful on if it was / wasn’t possible to setup etc support wasn’t great) but I moved host and all I had to do was publish the site make it into a node app and it works great.

philipwids · October 11, 2021, 7:51am

This is happening because of the CORS 3 (Cross Origin Resource Sharing) . For every HTTP request to a domain, the browser attaches any HTTP cookies associated with that domain. This is especially useful for authentication, and setting sessions. You are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. You need to do something different when you want to do a cross-domain request.

JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers. You’re on domain example.com, and you want to make a request to domain example.nett . To do so, you need to cross domain boundaries. JSONP is really a simple trick to overcome the XMLHttpRequest same domain policy. So, instead of using XMLHttpRequest we have to use < script > HTML tags, the ones you usually use to load JavaScript files , in order for JavaScript to get data from another domain.

Localhost

If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

Access-Control-Allow-Origin: http://localhost:9999

Also, this kind of trouble is now partially solved simply by using the following jQuery instruction:

<script> 
    $.support.cors = true;
</script>