Making get request for same domain giving CORS error

Question

In a browser extension, this my ajax call

var xhr = new XMLHttpRequest();
xhr.open('GET', window.location.href, true);
xhr.responseType = "arraybuffer";
xhr.onload = function(event) {
  alert(this.response);
};

I really do not understand why this giving me the error

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://people.cs.aau.dk/~torp/Teaching/E01/Oop/handouts/collections.pdf. (Reason: CORS header 'Access-Control-Allow-Origin' missing)

CORS comes into picture only once we are making the calls to other domain. But here I am making the call to the same domain. You can witness that in url xhr.open('GET', window.location.href, true);

What I am missing here ?

Where is the code running that is giving this error? Your screenshot appears to be the built-in PDF viewer. Knowing the execution context of this code is important. — Mike Trpcic, Jul 26 '16 at 03:53
@MikeTrpcic Code is running in an browser extension. Is there anyway I can avoid this error ? — Suresh Atta, Jul 26 '16 at 04:11
@SameerNaik Code is running in an browser extension. Is there anyway I can avoid this error ? — Suresh Atta, Jul 26 '16 at 04:11
You can add ACAO (Access Control Allow origin) header from server. http://enable-cors.org/server.html — Sameer Naik, Jul 26 '16 at 04:14
@SameerNaik Since this extension can run on anypage, I cannot this on server side. — Suresh Atta, Jul 26 '16 at 04:20
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/118278/discussion-between-ss--and-sameer-naik). — Suresh Atta, Jul 26 '16 at 04:23
Your server needs to send the Allow Origin header in it's response for this to work. Browser extensions don't run in the context of the web page currently in view, they have their own context. — Mike Trpcic, Jul 26 '16 at 04:23
@MikeTrpcic I can't since every web page have it's own server. — Suresh Atta, Jul 26 '16 at 04:29

score 1 · Answer 1 · answered Jul 26 '16 at 10:45

You can use a web service such as CrossOrigin.me to get ahead of it. I used a code like this and it did work for me:

$.ajax({
  url: 'https://crossorigin.me/http://people.cs.aau.dk/~torp/Teaching/E01/Oop/handouts/collections.pdf',
  jsonpCallback: 'callback',
  type: 'GET',
  success: function (data) {
    console.log(data);
  }
});

Fiddle: http://jsfiddle.net/L84u10yj/

I was able to make it working here:

Making get request for same domain giving CORS error

1 Answers1

Linked