0

I had been developing a website and had disabled web security to bypass CORS through the following command

chrome.exe --disable-web-security --user-data-dir=/path/to/foo

After successfully developing the website, I uploaded it to my domain but got stuck with the CORS Error. I have tried adding "Access-Control-Allow-Origin": "*", but had no luck.

I can assume CORS error for localhost, but cannot understand why the error persists in my domain?

XMLHttpRequest cannot load https://xxx-xxx.xxxxx.xxxxx.xxxxx.com/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxxxx.xxxxx.com' is therefore not allowed access.

I.Qureshi
  • 1
  • 1
  • In which language you build your web service.On the server will need to set "Access-Control-Allow-Origin" – jitender Feb 17 '17 at 07:26
  • I do not have access to the server. I am calling the web service via ajax request. I have set "Access-Control-Allow-Origin" in the header of the request but no success – I.Qureshi Feb 17 '17 at 07:32
  • I face the same problem recently there you may set "Access-Control-Allow-Origin" on web service.Or you may user nginx for deployment . This may help you http://stackoverflow.com/a/12320736/5621827 – jitender Feb 17 '17 at 07:35
  • I compiled the same code under ionic framework and deployed that as an android app and there seems to be no problem there. Working on the domain, it generates this error. I have included all possible headers for CORS but still no luck. Will keep looking though. Thanks – I.Qureshi Feb 17 '17 at 07:49

2 Answers2

0

To enable CORS your server has to set "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods": "POST, GET, PUT, DELETE" (for example).

For a quick reference you can check the wikipedia or for an in depth info visit de w3c specification.

Pau Gómez
  • 301
  • 1
  • 4
  • I do not have access to the server. It is a third party web service – I.Qureshi Feb 17 '17 at 07:33
  • @I.Qureshi — You can't give yourself permission to access data a third party is sending to a visitor's browser. That would be a terrible security problem. – Quentin Feb 17 '17 at 09:07
  • I have the access to communicate with them. I've already mailed them the issue and am waiting for their response. The only issue is of CORS – I.Qureshi Feb 17 '17 at 09:20
0

The third part webService must be allowed you access or they had done CORS for every origins. So you just communicate with them. Hope it can help you.

Eric.guo
  • 74
  • 14