0

I have a problem to consume a third-party web service, when trying to consume the same by the JavaScript the return I get is:

XMLHttpRequest cannot load http://xxxxxxxxx:yyyyy/sccwebclient/svc/filetransfers/?startedDay%3E2018-05-02T00%3A00%3A00. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

but when trying to consume the same by the postman I can get a desired response, which is Json, to consume the same it is necessary to pass a header a login and password, as follows:

Authorization: xxxx #base64Code

to consume the webservise I created the following script:

function getListaWebService(url){
                $.ajax({
                    'url': url,
                    Type: "GET",
                    dataType: "json",
                    headers: {
                        "Authorization": "xxxx " + geraBase64("xxxx", "yyyy")
                    }
                }).done(function (objJson){
                    console.log("objJson", objJson);
                }).error(function (err) {
                    console.log("err", err);
                }); 
}

what I did wrong, if it is cross domain problem, how can I solve it by JS or Java?

halfer
  • 19,824
  • 17
  • 99
  • 186
user3061516
  • 105
  • 1
  • 1
  • 11
  • Did you try Googling the error? You need to learn about CORS and the Same-Origin Policy. – SLaks May 08 '18 at 18:05
  • PostMan will work as it is not running on a webhost, it just sends an HTTP request. Your script will send an Origin request header (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin). You will likely need to whitelist your dev domain in the webservice account settings to have the service provide a response to your applcation. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for info on Cross-Origin Resource Sharing. – Seb Cooper May 08 '18 at 18:17
  • All comments here have directed you towards right direction. But If you just need to get it working only in your localhost, again only to get you going for development purpose, you can try adding '--disable-web-security' flag to your chrome properties. Google about how to add this and you will find the steps. – highhope May 08 '18 at 18:53

1 Answers1

1

This is a CORS issue. You can read about it here. You either have to ask your third party API server to allow your domain to access their resource in the Access-Control-Allow-Origin response header or another approach is to go with JsonP - read about it here

  • 1
    Another approach is performing a server proxy that request that resource. Then, JavaScript asks to your server and your server to that url. – Emeeus May 08 '18 at 18:20