Disable Access-Control-Allow-Origin in Chrome and Firefox

Asked

Viewed 25,433 times

2

I’m developing an app using Ionic on Macbook with OS X Yosemite.

When trying to send data via POST or receive via GET to a remote server, error appears: Chrome:

Xmlhttprequest cannot load http://elite-schedule.net/api/leaguedata/2009. No 'Access-Control-Allow-Origin' header is present on the requested Resource. Origin 'http://192.168. 0.13:8100' is therefore not allowed access. The Response had HTTP status code 405

Firefox:

Blocked cross-origin request: Same Origin Policy (Same Origin Policy) prevents reading the remote resource at http://elite-schedule.net/api/leaguedata/2009. (Reason: CORS request failed).

The original code was:

 function getLeagues(callback){

        $http.get('http://elite-schedule.net/api/leaguedata/2009')
          .success(function(data){
            callback(data);
          });
      }

And I modified it to the following, specifying the header

 $http({
            method: 'GET',
            url: 'http://elite-schedule.net/api/leaguedata/2009', 
            headers: {'Access-Control-Allow-Origin': '*'}
        })
          .success(function(data){
            callback(data);

Already followed the guidance given on the site: opensourehacker

The error persists. How to disable these restrictions in these browsers using this operating system?

  • You can’t do this on the customer headers: {'Access-Control-Allow-Origin': '*'}, the locking/unlocking should be done by the server. Who should add the header is the elite-Schedule.net. If you have access to this site you can add it yourself. If not you will have to contact them, or else you will have to create a webproxy.

  • Read: http://answall.com/q/12363/3635, http://answall.com/a/78800/3635, http://answall.com/a/67617/3635

2 answers

3

I had the same problem as you.

The problem is of CORS, by default a web server only accepts requests from the same server, you are probably accessing from outside your backend server (even though you are on the same machine the applications must be in the same apache for example).

You need to enable CORS in the backend, in my case it was a backend Node server, follow the example:

res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Request-Width, Content-Type, Accept");

0

It’s not just setar headers in the backend.

The Web client must define what to accept as well.

In development environment, you can work around the problem (disabling CORS checks in the browser) or solve the problem (set the CORS policies on the client and the headers on the server).

See my answer here: /a/100263/8386

Browser other questions tagged

You are not signed in. Login or sign up in order to post.