No 'Access-Control-Allow-Origin' header is present on the requested resource on steam inventory

Question

Before i declare my problem, yes i know there are other threads about this problem but a dont understood then or couldnt use them on my project.

So now to the Problem. How you see in the title every time when i run my code i get No 'Access-Control-Allow-Origin' header is present on the requested resource as answer. So maybe anyone could help me to find the mistake.

Code:

function GetInv(){
  var json_obj = JSON.parse(Get('http://steamcommunity.com/inventory/76561198122209518/730/2?l=english&count=5000'));
  var assets = json_obj.assets;
  console.log(json_obj);
}

function Get(yourUrl){
  var Httpreq = new XMLHttpRequest(); // a new request
  Httpreq.open("GET",yourUrl,false);
  Httpreq.send(null);
  return Httpreq.responseText;
}

EDIT

Thank you for the answers So i googled for the non CORS-compliant tools and i found this: http://www.test-cors.org/ It gave me this code snippet:

var createCORSRequest = function(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// Most browsers.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// IE8 & IE9
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// CORS not supported.
xhr = null;
}
return xhr;
};

var url = 'http://api.steampowered.com/ISteamEconomy/GetAssetClassInfo/v0001/?key=XXXXXXXXXXXXX&appid=730&class_count=1&classid0=1131459905';
var method = 'GET';
var xhr = createCORSRequest(method, url);

xhr.onload = function() {
console.log("super");
};

xhr.onerror = function() {
console.log("failed");
};

xhr.send();

I tried it but still the same fault. So am i going the right way or am I to dumb to find the answer????

Possible duplicate of [jQuery xml error ' No 'Access-Control-Allow-Origin' header is present on the requested resource.'](http://stackoverflow.com/questions/19821753/jquery-xml-error-no-access-control-allow-origin-header-is-present-on-the-req) — bren, Jan 03 '17 at 15:18

score 0 · Answer 1 · answered Jan 03 '17 at 15:16

Not that long ago, there was a way to scam people on the internet, where the web page would pretend to be the user to submit a request to another server, allowing them to compromise the user's accounts. Google XSS or Cross Site Request Forgery for more information.

Because of the above security concerns, in modern browsers, you cannot make a request to a page of another Origin (domain), unless they explicitly allow it with an Access-Control-Allow-Origin header, which is by domain. There is nothing you can do to resolve this, but I would recommend you use the Steam API to actually get data out of steam

There is a way to resolve this actually - use a non CORS-compliant tool such as making the request on the server / CLI (like curl from the command line, or Node.JS to make the request), browsers implement CORS... That said, you should still use the Steam API as suggested... Anyone kind enough to provide an API should have that respected and used as primary source for obtaining info. — SamMorrowDrums, Jan 03 '17 at 15:32

No 'Access-Control-Allow-Origin' header is present on the requested resource on steam inventory

1 Answers1