0

I have a form in my web application where customers can set a video manifest. However, a customer is reporting that he can't do so. Trying to do it by myself, I'm getting the following error:

XMLHttpRequest cannot load http://resource_ip:1234/index.m3u8. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my_server_ip:1234' is therefore not allowed access.

However, from my computer I can wget http://resource_ip:1234/index.m3u8 without any problem. Also, I can do so from another EC2 instance, so I don't think they are blocking AWS ip range. Also I can retrieve the manifest using Chrome or Firefox in my computer.

So what might be the reason?

  • Browsers need for the site at `http://resource_ip:1234/index.m3u8` to send an `Access-Control-Allow-Origin` HTTP header if anybody wants to fetch it cross-origin from JavaScript on the client side. CORS restrictions are imposed on the client side by Web browsers. But `wget` doesn’t impose any CORS restrictions, so it’s expected that you’ll see different behavior fetching something with `wget` than you would trying to fetch it cross-origin from JavaScript in a browser. – sideshowbarker Oct 13 '16 at 11:01
  • @sideshowbarker but I could also download that index.m3u8 using either Firefox or Chrome on my computer as well. –  Oct 13 '16 at 11:48
  • Directly, yes. By Ajax, no. – Clive Oct 13 '16 at 11:50

1 Answers1

0

Ok, so now I understand it.

CORS works for Javascript / AJAX requests, that's why the application is receiving the error, but when I'm directly accessing the resource using either my browser or wget, I am not.

  • 1
    This doesn't seem to really answer the question. You're asking why JavaScript gets the error message but wget does not, and then your answer is "because it is JavaScript". – Quentin Oct 13 '16 at 13:54