Is there a way to set the origin header to '*' in client-side javascript to access an API that is giving CORs issue?

Question

I am trying to access an API on the Javascript client side and get a CORS error. Is there a way to set the Origin to "*" on the client side? Thanks.

Failed to load https://: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://’ is therefore not allowed access."

No. If there were, it would be a massive security problem. CORS headers have to come from the server. — Pointy, Apr 05 '18 at 18:49
you can use --disable-web-security parameter when start chrome but there is no way to bypass CORS at every client and it should not as @Pointy said — Tamer Aktaş, Apr 05 '18 at 18:54

score 1 · Answer 1 · answered Apr 05 '18 at 18:58

NO, this is not possible.

The server side decides from which origin it's service could be consumed. By default, the policy is set to Same-origin and only the server side can override this policy be adding the CORS header. If client could override the same-origin policy, then there would be a major security issue.

Is there a way to set the origin header to '*' in client-side javascript to access an API that is giving CORs issue?

1 Answers1