0

I know other questions like mine have been asked and answered, and most of them suggested adding "Access-Control-Allow-Origin": "*" into the header. However, even after doing so, I'm still getting the error: `Response to preflight request doesn't pass access control check: No Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 404.

My script is very simple. It's only the following: 

var url = 'https://www.goodreads.com/search.xml?key=[MY_KEY]&q=Ender%27s+Game';


fetch(url, {headers: {"Access-Control-Allow-Origin" : "*",}}).then(function(result){
    console.log(result);
});

When I access the site by just passing in url into the browser, I get a response. Therefore, I know that my security credentials are fine.

I'm not sure hat to do. Anyone have any suggestions?

Manny
  • 1
  • 2
  • You are completely misunderstanding how CORS headers work. They must be set by the remote endpoint in the response, not in the actual request. If they are not and that endpoint doesn't serve JSONP you need to use a proxy either on server you control or third party service – charlietfl Jun 02 '18 at 19:20
  • The `Access-Control-Allow-Origin` header is set by the server (i.e. `https://www.goodreads.com`), and not by the client (i.e. your code). – Steve Jun 02 '18 at 19:20

0 Answers0