XMLHttpRequest cannot load.No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin is therefore not allowed access

Question

i want to signin to a website by sending url,username and password but that sending an error like above XMLHttpRequest cannot load https://example.org. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access..

    <!DOCTYPE html>
<html>
    <head>
        <title>build</title>
    </head>
    <body>
    <script type="text/javascript">

        if (window.XMLHttpRequest)
        {// code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp=new XMLHttpRequest();
        }
        else
        {// code for IE6, IE5
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }


        xmlhttp.onreadystatechange=function()
        {
            if (xmlhttp.readyState===4 && xmlhttp.status===200)
            {
                document.getElementById("test1").value=xmlhttp.responseText;
            } else
                {
                     alert('Panel not communicating.Reason: '+xmlhttp.status);
                }
        };
        xmlhttp.open("POST","https://bitbucket.org/account/signin/?next=/xyz/xyz.git",true,"username","password");
        xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        xmlhttp.setRequestHeader("Access-Control-Allow-Origin","*");
        xmlhttp.setRequestHeader("Access-Control-Allow-Credentials",true);
        xmlhttp.setRequestHeader("Access-Control-Allow-Methods","POST");
        xmlhttp.send();

    </script>
    </body>
</html>

any one please help me. thanks in advance.

Answer 1

"Access-Control-Allow-Origin" policy is a security manner used in cross domain HTTP requests. It's idea is to net let "everyone" pull data from your server in order to keep the data safe. you can read more here : https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS .