GET via jQuery on a different server, problem with CORS

Asked

Viewed 1,300 times

1

I’m trying to make a call GET/AJAX for a URL which is different from the one I’m making the call, but I always get the message in the browser:

Failed to load http://urldoserver.com/: No 'Access-Control-Allow-Origin' header is present on the requested Resource. Origin 'http://meuserver.com/' is therefore not allowed access.

I’ve tried so much on server Apache as NGINX and enable the CORS according to the documentation and some tips. I even tried via PHP add the header:

<?php header("Access-Control-Allow-Origin: *"); ?>

But I always get the blocking message from CORS. Via POSTMAN the call normally occurs.

I must ask the server administrator to release the IP from my server to perform the calls or I am mistakenly configuring the CORS or the call from my side on the server?

javascript jquery cors

3 answers

3

Answering the question itself, every question boils down that I was always trying to make a POST/GET request to a URL other than mine but, doing so through the browser, ie in the client-side.

When in fact I should be doing this on the server-side, ie using PHP (Curl), Node.JS (HTTP Request).

Blocking happens exactly because the browser is prohibited from doing this type of action and will always result with CORS error.

  • I’d like to know, is there any way I can create a JSON API and consume it from within one of the application files?

  • 1

    No problem, because the application will consume in localhost your API.

  • Ahhhh, in this case the URL would look like localhost:8100 (generic localhost)?

  • 1

    That’s right, if your API is on port 8100 just call with that URL. Type http://localhost:8100/alguma_rota

  • Thanks, you saved my TCC

1

You are making a requisition AJAX for a domain other than your page is enabled. Therefore, the browser is blocking this as it usually allows a request from the same source for security reasons. You need to do something different when you want to cross-domain order. A tutorial on how to achieve this with CORS (both with AJAX as to XMLHttpRequest ).

When you’re using the POSTMAN, they are not restricted by this policy. Quote from Cross-Origin Xmlhttprequest :

Regular web pages can use the Xmlhttprequest object to send and receive data from remote servers, but they are limited by the same source policy. Extensions are not so limited. An extension can chat with remote servers outside their origin, provided that first request cross source permissions.

  • I had gone through this tutorial yesterday, I performed new test today and yet it keeps pointing the lock in the browser. Now what is funny, at least in this case this URL that I am making the call is that although the error appears on the console, it is giving a positive answer.

0

I created a class to help solve this problem:

/*
* Função Auxiliar para resolver o problema no chrome
*/

Auxi::Cors();

Here is the class:

<?php


final class Auxi{


    public static function Cors() {

        // Allow from any origin
        if (isset($_SERVER['HTTP_ORIGIN'])) {
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400');    // cache for 1 day
        }

        // Access-Control headers are received during OPTIONS requests
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
                // may also be using PUT, PATCH, HEAD etc
                header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
                header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

            exit(0);
        }
    }

    private function __construct()
    {

    }
}
?>

Browser other questions tagged javascript jquery cors

You are not signed in. Login or sign up in order to post.