Getting through CORS Policy

Question

I have tried all I could after reading CORS policy from MDN , and even using the below code from from https://www.html5rocks.com/en/tutorials/cors/. I just wanted to fetch a wiki page(given). It spit error message which shows that it runs onerror method. At the console I prints "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://en.wikipedia.org/wiki/Main_Page. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."


// Create the XHR object.
function createCORSRequest(method, url) {
  var xhr = new XMLHttpRequest();
  if ("withCredentials" in xhr) {
    // XHR for Chrome/Firefox/Opera/Safari.
    xhr.open(method, url, true);
  } else if (typeof XDomainRequest != "undefined") {
    // XDomainRequest for IE.
    xhr = new XDomainRequest();
    xhr.open(method, url);
  } else {
    // CORS not supported.
    xhr = null;
  }
  return xhr;
}

// Helper method to parse the title tag from the response.
function getTitle(text) {
  return text.match('(.*)?')[1];
}

// Make the actual CORS request.
function makeCorsRequest() {
  // This is a sample server that supports CORS.
 // var url = 'http://html5rocks-cors.s3-website-us-east-1.amazonaws.com/index.html';
 var url = 'https://en.wikipedia.org/wiki/Main_Page';
  var xhr = createCORSRequest('GET', url);
  if (!xhr) {
    alert('CORS not supported');
    return;
  }

  // Response handlers.
  xhr.onload = function() {
    var text = xhr.responseText;
    var title = getTitle(text);
    alert('Response from CORS request to ' + url + ': ' + title);
  };

  xhr.onerror = function() {
    alert('Woops, there was an error making the request.');
  };

  xhr.send();
}

Would be a lot more helpful if you actually said what happened when you tried using the above code. Make sure your questions are easy to answer by including all the details. — JK., Dec 19 '16 at 07:14
You seem to have abandoned the tutorial you were reading at about [this point in it](https://www.html5rocks.com/en/tutorials/cors/#toc-adding-cors-support-to-the-server). You shouldn't have stopped reading. — Quentin, Dec 19 '16 at 07:17
CORS is not something you need to overcome or "get through" (which suggests being able to ignore CORS and do what you want regardless) - just before CORS, cross origin requests were basically being blocked, and before that, cross origin requests were a pretty big security issue ... so, CORS was born, to let servers control who gets access to their resources in web pages - if a site soes not issue CORS headers, it's because they don't want you easily stealing/borrowing/showing their resources for your website — Jaromanda X, Dec 19 '16 at 07:36

score -3 · Answer 1 · answered Dec 19 '16 at 07:25

-3

You can use iframe,

document.getElementById("iFrame").src ="https://en.wikipedia.org/wiki/Main_Page";

answered Dec 19 '16 at 07:25

Naveen Swayamvarpu

1
1

and then the data in the iframe is not available to the main page - so, not helpful at all – Jaromanda X Dec 19 '16 at 07:31
Yeah agreed. Data cannot be retrieved from iframe. As the user618677 wanted to display the page, so suggested to use iframe – Naveen Swayamvarpu Dec 19 '16 at 07:48
Marking him down is not pretty cool... It pays to point out his errors. @NaveenSwayamvarpu, I didn't state anywhere that I wanted to display that page. And if you had paid attention to the JS you would have noticed that that page was parsed and only title extracted. However, thanks for your attempts at helping me. – user618677 Dec 19 '16 at 07:53
`Marking him down is not pretty cool` why? "The answer is not useful" – Jaromanda X Dec 19 '16 at 08:00
But this site's mission is to educate and expand knowledge. Not basically voting game. Yes his answer is not useful, but it also shows his understanding of the question and limit of his knowledge. Helping him to improve his understanding won't be wrong. – user618677 Dec 19 '16 at 08:08

Getting through CORS Policy

1 Answers1