0

Following problem. I'm trying to call a site via ajax which has a redirection, but the request fails due to "no 'Access-Control-Allow-Origin' header" error:

XMLHttpRequest cannot load https://somesite.com. Redirect from 'https://somesite.com' to 'https://someothersite.com/index.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://anysite.com' is therefore not allowed access.

What I want is the redirect URL which is displayed in the error response (and which is variable). I can't seem to access it but since it's displayed in the error response I'm thinking it should be accessible somehow.

            $.ajax({
                type: "POST",
                url: "https://somesite.com"
            });

Thanks for any help.

Rivenscryr
  • 47
  • 7
  • Please refer to this link already explain well `(https://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err)` – Anand Choudhary Sep 19 '17 at 07:28
  • @Legman please re-read the question. –  Sep 19 '17 at 07:29
  • This error message looks like the one your network dev tools would throw, not the ones you could access from anywhere in web APIs. (i.e I don't think you can...) – Kaiido Sep 19 '17 at 07:33
  • @Kaiido maybe through the error function from ajax? even so, to get the url he is mentioning seems impossible to do it properly – Elmer Dantas Sep 19 '17 at 07:36
  • @ElmerDantas, xhr error messages aren't that verbose (I can think it's on purpose). But if OP could link us to an url where this blocked redirection occurs (the `https://somesite.com`), that could help to try things out. – Kaiido Sep 19 '17 at 07:38
  • The browser is doing the blocking, which means the browser has access to all kinds of information. Whether he exposes that information to the JS engine in the form of an API is another matter. I'm not aware of any mechanism to parse console errors. –  Sep 19 '17 at 07:40
  • @Kaiido true....I try it but there's no away to get this information from JS...maybe on server side. – Elmer Dantas Sep 19 '17 at 08:12
  • 1
    @ElmerDantas well if OP has access to the server, then I guess it defeats the whole question... (in case of same-origin request it's quite easy to know where we've been redirected : `fetch('/some_page').then(r=>{if(r.redirected)console.log('redirected to ', r.url})`) – Kaiido Sep 19 '17 at 08:16

1 Answers1

1

You can't do an AJAX request on a domain which is not the same as the call. For example, if you make an AJAX call on https://yoursite.com, you can't call https://anysite.com except if the server is explicitly allowing it.

I suggest to pass the request through a proxy. You can call a PHP (or other) route on your server which will do a cURL request to https://somesite.com and get the result for you.

Chris Harrison
  • 5,512
  • 3
  • 28
  • 36
Julien Bourdic
  • 1,398
  • 1
  • 12
  • 29
  • 2
    He wants to parse *'https://someothersite.com/index.php'* from the error message, not to bypass the error message. – Kaiido Sep 19 '17 at 07:33
  • Actually it is not a response error message from the distant server but a browser concern. I'm not sure you can get the entire error stack from the browser api. – Julien Bourdic Sep 19 '17 at 07:45