-1

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://127.0.0.1:5500' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

 var xhrReq = new XMLHttpRequest();
xhrReq.withCredentials = true;
xhrReq.open("GET", "https://lootpaliveapi.snapfulfil.net/api", true, "******", "*******");
xhrReq.setRequestHeader("content-type", "application/json");
xhrReq.setRequestHeader("Access-Control-Allow-Origin", "https://lootpaliveapi.snapfulfil.net");

xhrReq.onload = function(){
    console.log("READY STATE", xhrReq.readyState);
    if(this.status == 200) {
        console.log(this.responseText);
        document.getElementById("jsonDat").innerHTML = this.responseText;
    }
}

// Send Request to Get Data
xhrReq.send();

I have been trying to access third-party application server but Receiving some errors like above-mentioned one.

I would like to implement through javascript using XMLHttpRequest not from Server side because I'm my concern doesn't accept server-side scripts so.

Harish
  • 189
  • 2
  • 13

1 Answers1

-1

You will have to configure server side RestFull API to allow cross-origin requests.

OR

You can try to use an open source libraries to by pass CORS issue. Those libraries include: Any Origin, Whatever Origin, All Origins, crossorigin

Zeeshan Elahi
  • 247
  • 2
  • 9