-1

I really researche for hours, but did not find any solution yet. I would like to get some data from a different server via jQuery and ajax. I get this error message in my chrome console:

XMLHttpRequest cannot load https://editeddomain.com//somedata.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 401.

This is my set up:

  • PHPStorm 2016.1
  • jQuery v3.2.1
  • Google Chrome
  • Fedora 25

This is what I already tried and I still get the same error:

  • <?php header('Access-Control-Allow-Origin: *'); ?>
  • Started Chrome with --disable-web-security
  • Installed the Chrome Extension Allow-Control-Allow-Origin: *
  • Installed the Chrome Extension JetBrains IDE Support and added like JetBrains recommended http://*/*

So none of those helped me and I am still seeing the error message.

PS: This tool is only for me, so that's why it is not and never will be installed on a different webserver than my PHPStorm environment

Sylnois
  • 1,589
  • 6
  • 23
  • 47
  • You should really work with the headers on the server instead of all of those plugins if you ever want this to go into production. The server headers are the problem. Make sure you put that part of the script at the top of the application. Here is a pretty awesome answer: http://stackoverflow.com/questions/8719276/cors-with-php-headers – Randy May 01 '17 at 09:37
  • php header should do the trick, maybe you put them in the wrong place? Are you sure your request gets this headers? Is it a GET request? Did you check what "Response" section in chrome developer tools says? – Timur May 01 '17 at 10:24

3 Answers3

0

For chrome, add another parameter in addition to --disable-web-security:

--user-data-dir

This was introduced at a later stage by Google.

Also, for this to work, make sure you close ALL instances of Chrome, and then open the one with the parameters in it. And it will only work with the first tab opened there. It will have a yellow bar stating you're using an insecure tab.

trueicecold
  • 820
  • 10
  • 23
  • Thank you, this helped me for now! If I decide to go public with my webapp, I will of course set up an webserver which can handle the CORS like everyone explained. But for now the quciksolution helped me like you said :) – Sylnois May 01 '17 at 11:09
0

The problem with CORS is that every browser needs different solution. So far it seems better to use jsonp until they unify CORS.

Volt
  • 99
  • 1
  • 7
0

You will need to add this headers to the "json" file. So in your example:

https://editeddomain.com//somedata.json <- this response should have the correct cors headers. Do you use PHP to generate the contents of the json file and return it? If yes, just add 

<?php header('Access-Control-Allow-Origin: *'); ?>

to this api.

And if it is really just a plain file, you would need to add the headers in apache, for example in htaccess (in the same folder):

Header add Access-Control-Allow-Origin "*"
Timur
  • 639
  • 6
  • 21