
I am trying to call a servlet using Ajax on a click event, and from that servlet I am calling the Google auth endpoint. I tried to set headers on the servlet I am calling, but I am not able to get rid of this error:

XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?client_id=2536-a…nid%20profile%20email&state=F1BFD3804&display=popup. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

Here is the code

$.ajax({
    type: "GET",
    url: "/url-for-servlet",
    dataType: "jsonp",
    contentType: 'application/json',
    error: function (jqXHR, textStatus, errorThrown) {
        console.log(jqXHR);
    },
    success: function (data) {
        alert("yippy");
        console.log(data);
    }
});

On the servlet I added these headers to the response:

response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.addHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers", "x-requested-with");

Any idea what I am missing here? Thanks for the help.

VVN
user557657

Those headers need to be set by the target URL (accounts.google.com thus). The inability to do so should already have implied that you're not allowed to do those things with the target service. Look for a different solution, usually based on their own API documentation. Your question is however strange as the error is not caused by the code posted so far. Perhaps you oversimplified/omitted too much? – BalusC Mar 05 '16 at 12:46

2 Answers


This is a standard security restriction: JS cannot make requests to domains other than their own. So you have an application on localhost making Ajax calls to an application on accounts.google.com, which is not allowed by default.

See this question

Community
NickJ

AJAX usually doesn't allow calling another domain's API. It is called a CSRF attack. The solution for you is to post the data to your server servlet and do the required action there in the backend (servlet).

Aravindhan
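
Why the headers set on the servlet make no difference, as an added example that is not part of the original thread: a simplified model of the browser's CORS check along a redirect chain. It assumes the servlet answers the Ajax call with a 302 redirect to Google's authorization endpoint (the question does not show the servlet code); `checkXhr`, `acaoAllows` and the sample hops are hypothetical names and constructed data.

```javascript
// Added example: simplified model of the browser's CORS check on an XHR.
// Not a full Fetch implementation: preflights and header allow-lists are omitted.
// Header names in the sample data are written in lower case.

// True when the response's Access-Control-Allow-Origin admits the page origin.
function acaoAllows(headers, pageOrigin, withCredentials) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) return false;
  if (acao === "*") return !withCredentials; // wildcard is rejected for credentialed requests
  return acao === pageOrigin;
}

// hops: [{ url, status, headers }] in the order the browser receives them.
function checkXhr(pageOrigin, hops, withCredentials = false) {
  let crossOrigin = false;
  for (const hop of hops) {
    const hopOrigin = new URL(hop.url).origin;
    // Once any hop leaves the page origin, every later response is CORS-checked.
    if (hopOrigin !== pageOrigin) crossOrigin = true;
    if (crossOrigin && !acaoAllows(hop.headers, pageOrigin, withCredentials)) {
      return { allowed: false, blockedAt: hopOrigin };
    }
  }
  return { allowed: true, blockedAt: null };
}

// Constructed sample data modelled on the question.
const PAGE = "http://localhost:8080";
const servletHop = {
  url: PAGE + "/url-for-servlet",
  status: 302, // assumption: the servlet redirects to Google
  headers: { "access-control-allow-origin": "*" }, // the header the servlet adds
};
const googleHop = {
  url: "https://accounts.google.com/o/oauth2/auth",
  status: 200,
  headers: {}, // no Access-Control-Allow-Origin, as the error message reports
};

// The servlet hop is same-origin, so its header is never consulted;
// the request is blocked at the accounts.google.com response.
console.log(checkXhr(PAGE, [servletHop, googleHop]));
```

The check that fails is the one on the accounts.google.com response, which only Google controls.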