0

I am using nodejs as backend and angularjs.

In my front end app, I neeed to read a feed at 'http://feeds.folha.uol.com.br/folha/ciencia/rss091.xml'.

I am getting an error of access-control-origin.

I don´t understand, because if I use the Postman app with this url or type right into browser no-error happens.

What am I doing wrong?

in my controller I am using:

app.controller('OpenWeatherCtrl', ['$scope','$http',
   function($scope,$http) {
$http.get('http://feeds.folha.uol.com.br/folha/ciencia/rss091.xml')
.then(function(data) {
        if (data && data.length >0 ) {
            $scope.news = data;
        }
    });

But I get the next error:

XMLHttpRequest cannot load http://feeds.folha.uol.com.br/folha/ciencia/rss091.xml. 
Response to preflight request doesn't pass access control check: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
Luiz Alves
  • 2,575
  • 4
  • 34
  • 75
  • Possible duplicate of ["No 'Access-Control-Allow-Origin' header is present on the requested resource"](https://stackoverflow.com/questions/20035101/no-access-control-allow-origin-header-is-present-on-the-requested-resource) – Claies Sep 10 '17 at 03:21
  • there are literally **hundreds** of questions about this error here, and they *all say the same thing*. The browser doesn't work the same as Postman, and unless the website you are trying to get feeds from allows your app access from their side, you can't pull data that way. CORS is a security feature, actively designed to stop what you are trying to do. – Claies Sep 10 '17 at 03:22
  • I have other app using delphi, I can access the url without problem. Sorry, I don´t know what is wrong – Luiz Alves Sep 10 '17 at 03:25
  • again, ***JavaScript REQUIRES special configuration (CORS) on the server that other access types do not***. Browsers are insecure, and cannot be used to transfer files over XHR unless the server actively allows it. – Claies Sep 10 '17 at 03:27

1 Answers1

1

Its because the site you are accessing enforces same origin policy, so that you can't access that particular URL from another webpage. The web server tells your browser that it doesn't allow accessing itself from your domain, localhost in this case. So browser refuses to load and fires the error. You can turn off same origin policy for your browser if you want for development purposes. But obviously you cant use it on production. If you are the owner of the website, you can allow access from localhost or any other domain you want.

Rahul K
  • 665
  • 10
  • 25