Response is a 401 error when requesting local resource from http webpage

Question

Chrome is throwing

XMLHttpRequest cannot load http://127.0.0.1:8006/test No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx.yyy.com' is therefore not allowed access. The response had an HTTP status code 401.

I am opening a popup with HTTP and making a request to a local HTTP server created by Java.

It's working fine in all machines except in some different machine, the browser throws the above mentioned error.

As per my understanding, getting this error in HTTP to HTTP is a bit strange.

The problem isn’t the lack of the Access-Control-Allow-Origin header. That’s expected when the response is an error instead of a success message. The actual problem is that the response is a 401 instead of a 200 OK. And the fact that the response is a 401 has nothing at all to do with the CORS configuration in the server. — sideshowbarker, Dec 21 '18 at 13:28

helb · Answer 1 · 2018-12-21T13:04:27.043

2

It's not strange at all – 127.0.0.1:8006 and xxx.yyy.com are different origins, and the Java server is not sending the Access-Control-Allow-Origin header that would tell the broswer it's okay.

More details at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Basically, the Java server needs to add the Access-Control-Allow-Origin header with either an allowed CORS origin or a wildcard (which would allow any origin):

Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: http://xxx.yyy.com (including the protocol, since http and https are different origins in the browser's eyes)

edited Dec 21 '18 at 13:04

answered Dec 21 '18 at 12:54

helb

3,154
15
21

Allow Origin and Allow Headers both are already there. And if not, the same issue should occur on every machine. I tried requesting the same resource from Chrome Poster in the same machine and it's working. – TheCleverIdiot Dec 21 '18 at 13:03
What's the value in the allow-origin header? Can you please make a screenshot of the request details in devtools or that Poster extension? – helb Dec 21 '18 at 13:08

score 1 · Answer 2 · answered Dec 21 '18 at 12:53

1

You have to add headers in server side where you are calling that URL for web service implementation. This will help you to understand, how the headers are added in java.

For e.g:

.header("Access-Control-Allow-Origin", "*")

If still you want to avoid the cross origin error. In this case, I suggest you to use this extension with chrome: Chrome extension for cors.

This will help you to avoid cross origin error in browser only in your machine for the development purpose.

answered Dec 21 '18 at 12:53

Rajendra arora

2,186
1
16
23

Allow Origin and Allow Headers both are already there. And if not, the same issue should occur on every machine. I tried requesting the same resource from Chrome Poster in the same machine and it's working. – TheCleverIdiot Dec 21 '18 at 13:04

Response is a 401 error when requesting local resource from http webpage

2 Answers2