API Access Control Check

Question

I'm accessing an external API from Javascript in my app and I get this error:

Failed to load http://www.myapp.com//api/v1/syndication/categories?output=json: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://local.myapp.com' is therefore not allowed access. The response had HTTP status code 400.

    function MakeAPIRequest(requestUrl, requestData, callback) {

    $.ajax({

        beforeSend: function(xhr){
            xhr.setRequestHeader('Access-Control-Allow-Origin', 'http://local.myapp.com'); 
            xhr.setRequestHeader('Token', apiKey); 
        },
        type: "GET",
        url: requestUrl,
        data: requestData,
        dataType: "json",
        success: function(json){
            callback(json);
        }

    });

}

Could be the API doesn't accept an "OPTIONS" request? This is the server response:

{"error":"Bad Request - Only accepts get requests","code":1009}

`Access-Control-Allow-Origin` is a response header. your www.myapp.com needs to support cors. — Daniel A. White, Feb 02 '18 at 16:46

score 1 · Answer 1 · answered Feb 02 '18 at 16:47

{"error":"Bad Request - Only accepts get requests","code":1009} tells you that the server only accepts GET Requests while No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://local.myapp.com' is therefore not allowed access. is a so called cors error.

You need to allow CORS on your server to get rid of this error.

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

score 0 · Answer 2 · answered Feb 02 '18 at 16:47

0

It is a CORS issue, the API you are calling resides on a different domain and the access control header does not allow requests from other domains.

answered Feb 02 '18 at 16:47

Mosè Raguzzini

15,399
1
31
43

API Access Control Check

2 Answers2