Processing
 

Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin

05/09/2013 17:50#1

bsr

Member

Joined at: 11 months ago

Post: 13

Thank: 0

Thanked: 0

XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.  

I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.

localhost:8080 - Google Appengine dev server localhost:3000 - Node.js server 

I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?

05/09/2013 17:59Top#2

Joined at: 11 months ago

Post: 48

Thank: 0

Thanked: 0

Since they are running on different ports, they are different domains. It doesn't matter that they are on the same machine/hostname.

You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/

All you need to do is add an HTTP header to the server:

Access-Control-Allow-Origin: http://localhost:3000 

Or, for simplicity:

Access-Control-Allow-Origin: * 
05/09/2013 18:08Top#3

Joined at: 10 months ago

Post: 4

Thank: 0

Thanked: 0

You have to enable CORS to solve this

if your app is created with simple node.js

set it in your response headers like

var http = require('http');  http.createServer(function (request, response) { response.writeHead(200, {     'Content-Type': 'text/plain',     'Access-Control-Allow-Origin' : '*',     'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE' }); response.end('Hello World\n'); }).listen(3000); 

if your app is created with express framework

use a CORS middleware like

var allowCrossDomain = function(req, res, next) {     res.header('Access-Control-Allow-Origin', "*");     res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');     res.header('Access-Control-Allow-Headers', 'Content-Type');     next(); } 

and apply via

app.configure(function() {     app.use(allowCrossDomain);     //some other code });     

Here are two reference links

  1. how-to-allow-cors-in-express-nodejs
  2. diving-into-node-js-very-first-app #see the Ajax section
05/09/2013 18:42Top#4

bsr

Member

Joined at: 11 months ago

Post: 13

Thank: 0

Thanked: 0

I accept @Rocket hazmat's answer as it lead me to the solution. It was indeed on the GAE server I needed to set the header. I had to set these

"Access-Control-Allow-Origin" -> "*" "Access-Control-Allow-Headers" -> "Origin, X-Requested-With, Content-Type, Accept" 

setting only "Access-Control-Allow-Origin" gave error

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. 

Also, if auth token needs to be sent, add this too

"Access-Control-Allow-Credentials" -> "true" 

Also, at client, set withCredentials

this causes 2 requests to sent to the server, one with OPTIONS. Auth cookie is not send with it, hence need to treat outside auth.

07/08/2014 11:47Top#5

Chaitanya

Member

Joined at: 11 months ago

Post: 17

Thank: 0

Thanked: 0

I was facing a problem while calling cross origin resource using ajax from chrome.

I have used node js and local http server to deploy my node js app.

I was getting error response, when I access cross origin resource

I found one solution on that ,

1) I have added below code to my app.js file

res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); 

2) In my html page called cross origin resource using $.getJSON();

$.getJSON("http://localhost:3000/users", function (data) {     alert("*******Success*********");     var response=JSON.stringify(data);     alert("success="+response);     document.getElementById("employeeDetails").value=response; }); 
15/06/2016 15:54Top#6

Joined at: 7 months ago

Post: 2

Thank: 0

Thanked: 0

If you need a quick work around in Chrome for ajax requests, this chrome plugin automatically allows you to access any site from any source by adding the proper response header

Chrome Extension Allow-Control-Allow-Origin: *

Similar articles

Chrome, THREE.js: Cross-origin image load denied

5 years ago - Reply: 5 - Views: 269

Prevent Google Chrome Log XMLHttpRequest

3 years ago - Reply: 5 - Views: 276

How can I include ChromeDriver in a JAR?

3 years ago - Reply: 3 - Views: 81

Chrome geolocation not working on any site

3 years ago - Reply: 1 - Views: 46

wrong borders' width in android browser

3 years ago - Reply: 4 - Views: 206

Uncaught SyntaxError: Unexpected token < On Chrome

3 years ago - Reply: 10 - Views: 468

Flashdata not getting cleared in Codeigniter

3 years ago - Reply: 5 - Views: 57

Illegal access Javascript error in Chrome

3 years ago - Reply: 1 - Views: 51

ng-repeat not updating in Chrome

3 years ago - Reply: 1 - Views: 81

Applying border to a checkbox in Chrome

4 years ago - Reply: 2 - Views: 118

open browser plugin using access vba

3 years ago - Reply: 1 - Views: 25

vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re vé máy bay vé máy bay giá rẻ ve may bay ve may bay gia re