1

I am developing a little proof-of-concept web app which is supposed to send a GET request to a server (SAP ABAP system). The server provides ODATA REST Services. When I just paste the Services' URI's in the browser's adress bar, the desired content is displayed immediately. But when I try to make the request via the webapp (using jQuery for AJAX), a CORS-related problem occurs:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:XXXXX' is therefore not allowed access. The response had HTTP status code 401.

My code and further problems I am having with the HTTP Request can be found in this post. I do not understand why requests from just the browser (or fiddler) seem to work without problems but as soon as I send the request from the app (which is hosted locally btw), the CORS problem occurs. And FYI I have no access to server-side code, so there is no possibility of editing the "Access-Control-Allow-Origin" section.

Community
  • 1
  • 1
doktormatte
  • 11
  • 1
  • 8
  • Same question asked here, Maybe it's similar to your question. http://stackoverflow.com/questions/18642828/origin-http-localhost3000-is-not-allowed-by-access-control-allow-origin – Kapil Yadav Aug 25 '16 at 08:55
  • Yeah but people seem to be solving this problem by just adding "Access-Control-Allow-Origin: * " to the response header. As I said, I have no access to any server-side code. – doktormatte Aug 25 '16 at 09:03
  • Then it's not possible, we have to allow cross origin request at server side to accept cross-domain requests. – Kapil Yadav Aug 25 '16 at 09:31
  • 1
    But why is requesting the ressources directly via a browser or via fiddler not a cross-domain request? I am confused... – doktormatte Aug 25 '16 at 09:38
  • @doktormatte - when you request via browser/fiddler, you are hitting http://api_domian/api which is fine; but when you hit it from your app which is running in your domain, say http://localhost or http;yourdomain -> this makes it cross domain as you are requesting it from a different domain – Developer Aug 25 '16 at 09:44

3 Answers3

0

Do you have access to the server that serves up your web page? if so I would relay the request to the remote server via your own server.

Meaning you page asks your server, which in turn asks the remote server.

This way no CORS occurs.

AndreJSON
  • 43
  • 1
  • 8
0

If you don't have access to server side code and if you are sure you always make GET request, then you can use JSONP. But still resolve the CORS using Response header is best solution.

Tharsan Sivakumar
  • 6,351
  • 3
  • 19
  • 28
  • I am already using JSONP for making the request. The problems associated with this approach are discussed in this post: http://stackoverflow.com/questions/39099459/uncaught-syntaxerror-unexpected-token-after-successful-http-request/ – doktormatte Aug 25 '16 at 09:53
0

Cross-origin resource sharing (CORS) is a mechanism that allows many resources (e.g., fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain the resource originated from.

When you directly make a request from the browser ( by typing the url ), CORS doesn't come into effect. However if you make an AJAX request from your browser, it will get blocked too.

If you still want to make requests to the resource from your browser, you will need some extensions like Allow-Control-Allow-Origin: * for Chrome and cors everywhere for Firefox.

mrid
  • 5,782
  • 5
  • 28
  • 71