0

I'm trying to read a remote RSS feed and getting the follwing error message:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://*.*.*.*' is therefore not allowed access.

Can anyone tell me how to enable CORS so I can resolve this issue - particularly if I don't have admin access to the remote resource?

sisko
  • 9,604
  • 20
  • 67
  • 139
  • What host provider you are using? I think you need to add that header settings into Apache/IIS. – Panu Oksala Feb 09 '14 at 07:54
  • 1
    CORS is a mechanism for the *owner of a resource* to allow other origins to access it. If you don't own the resource, you can't enable CORS. You *can* set up a proxy server that fetches the resource and delivers it to the browser on an allowed origin. – apsillers Feb 09 '14 at 07:57
  • possible duplicate of [Access Control Allow Origin not allowed by](http://stackoverflow.com/questions/9327218/access-control-allow-origin-not-allowed-by) – Ray Nicholus Feb 09 '14 at 14:16

2 Answers2

3

It's up to the remote resource to allow cross-origin resource sharing. The response needs to have a header that specifies that access can come from your domain. Something like:

Access-Control-Allow-Origin: http://xyz.example.com

needs to be present in the response headers.

Without control over what the remote site, there's not much you can do to enable CORS to that site (other than contacting the site administrator).

Other CORS headers and how the entire scheme works is described here (among other places).

Ted Hopp
  • 232,168
  • 48
  • 399
  • 521
  • What about allowed headers ? – Royi Namir Feb 09 '14 at 07:57
  • @RoyiNamir - That's used for pre-flight requests (an OPTIONS request instead of a GET or POST). It's also a response header and requires control over the remote server for it to be implemented. See, for example [this CORS server flowchart](http://www.html5rocks.com/static/images/cors_server_flowchart.png) – Ted Hopp Feb 09 '14 at 08:00
3

Seems like a cross domain request issue. Would you consider just using a middle scrit as a proxy workaround? Then make your javascript request to a php file that grabs the data for and feeds it back such as

<?php
$url = 'http://getmethedatafromyourapi';

header('Content-Type:text/json');
echo file_get_contents($url);
Jay
  • 496
  • 1
  • 4
  • 11